General
-
Target
3daca36550fd85306770e889a9d4d116.exe
-
Size
260KB
-
Sample
240101-yn1amabee6
-
MD5
3daca36550fd85306770e889a9d4d116
-
SHA1
0e1a9693d795a086d16a748bf56fae378a1dbc71
-
SHA256
21a88c8052866336ad4d2e76e96cf1b9f9bbff300f0fefa26ccb9858b38743e8
-
SHA512
f3586132ba74aeb5b4060e12fb4840c59ac869fb5dab28be50032242ac9689597c9437d76cdb32f268394b898fc9e355b54e236a7597880021e2b390336aa6de
-
SSDEEP
6144:hG5tC/XKOWN5osp7Pbk0YscXyLzGoB/Ml+1hO4qUsKpC:kYvK95osZfcecYR
Malware Config
Targets
-
-
Target
3daca36550fd85306770e889a9d4d116.exe
-
Size
260KB
-
MD5
3daca36550fd85306770e889a9d4d116
-
SHA1
0e1a9693d795a086d16a748bf56fae378a1dbc71
-
SHA256
21a88c8052866336ad4d2e76e96cf1b9f9bbff300f0fefa26ccb9858b38743e8
-
SHA512
f3586132ba74aeb5b4060e12fb4840c59ac869fb5dab28be50032242ac9689597c9437d76cdb32f268394b898fc9e355b54e236a7597880021e2b390336aa6de
-
SSDEEP
6144:hG5tC/XKOWN5osp7Pbk0YscXyLzGoB/Ml+1hO4qUsKpC:kYvK95osZfcecYR
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-