7cdb17bdce841cb46c92a08f96e087eaefb5355fb96538e10892f4f1a148d5ba | Triage

Sharing

General

Target

526d0f42207d6bc39ad0b7945ba22e81
Size

177KB
Sample

240111-d5klaaeff9
MD5

526d0f42207d6bc39ad0b7945ba22e81
SHA1

99019afbe63d7236636e8fc48729e34e336d3557
SHA256

7cdb17bdce841cb46c92a08f96e087eaefb5355fb96538e10892f4f1a148d5ba
SHA512

97cc7556a0a7aab683d7fce1a375242f41081c4ffb68593b3ee59a70f5085a1749819dbaddbd6a197d6048fc3eb310e3ae4ea19fae920a5e952ab97dc08f87f3
SSDEEP

3072:lxSIRXCICXYmLYBbmSUcnju5jBNN+KkJl5Cn1k7PWqrNH5VGE6wrF7Gdd1:3SIcI89LYBbmtIu5jklnAS7PhZD774

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  526d0f42207d6bc39ad0b7945ba22e81
- Size
  
  177KB
- MD5
  
  526d0f42207d6bc39ad0b7945ba22e81
- SHA1
  
  99019afbe63d7236636e8fc48729e34e336d3557
- SHA256
  
  7cdb17bdce841cb46c92a08f96e087eaefb5355fb96538e10892f4f1a148d5ba
- SHA512
  
  97cc7556a0a7aab683d7fce1a375242f41081c4ffb68593b3ee59a70f5085a1749819dbaddbd6a197d6048fc3eb310e3ae4ea19fae920a5e952ab97dc08f87f3
- SSDEEP
  
  3072:lxSIRXCICXYmLYBbmSUcnju5jBNN+KkJl5Cn1k7PWqrNH5VGE6wrF7Gdd1:3SIcI89LYBbmtIu5jklnAS7PhZD774
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2