General
-
Target
44dda79d57cab147763821a8b7538921
-
Size
288KB
-
Sample
240106-a8vnwaeha3
-
MD5
44dda79d57cab147763821a8b7538921
-
SHA1
f0b7aa5c86c0d422e08879c847964deb6b4e283d
-
SHA256
85119c7398f8c0e4eba8eeb5e6faeeb2d5951dfb87e4d7bb3f68157acc31bb7f
-
SHA512
5f26ad91ccb1f9d00c50df37ed2bbaa28ca4ed1924b88be15987ccc0cf052f6b58518491c3bec7c4074c128e483be4a1a7059f2404bce423329a297ffbfaf0b2
-
SSDEEP
6144:qd+kUXo2jyeq7EXtBqIE4+WnYAmpYesrsqbkhXyVvO7C1cwPh5HWAAr6LkQV6MHa:qTGo2jygX6B4+k33g5yw7CSoh52drOkj
Malware Config
Targets
-
-
Target
44dda79d57cab147763821a8b7538921
-
Size
288KB
-
MD5
44dda79d57cab147763821a8b7538921
-
SHA1
f0b7aa5c86c0d422e08879c847964deb6b4e283d
-
SHA256
85119c7398f8c0e4eba8eeb5e6faeeb2d5951dfb87e4d7bb3f68157acc31bb7f
-
SHA512
5f26ad91ccb1f9d00c50df37ed2bbaa28ca4ed1924b88be15987ccc0cf052f6b58518491c3bec7c4074c128e483be4a1a7059f2404bce423329a297ffbfaf0b2
-
SSDEEP
6144:qd+kUXo2jyeq7EXtBqIE4+WnYAmpYesrsqbkhXyVvO7C1cwPh5HWAAr6LkQV6MHa:qTGo2jygX6B4+k33g5yw7CSoh52drOkj
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-