d4b97b1e59e99235af7aae89b12d3c20d7648f22b4ba924eedbbbdbc7c0d9405 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5823a8ae676989d3f2710c9e8548007f
Size

98KB
Sample

240113-ghx5msdahl
MD5

5823a8ae676989d3f2710c9e8548007f
SHA1

e726d0970b57de22a0f4b717dd2ad77ffa296e30
SHA256

d4b97b1e59e99235af7aae89b12d3c20d7648f22b4ba924eedbbbdbc7c0d9405
SHA512

05a1d6af5b9e2c4976ada7c5bb15e515190e85c628d314eaadd77b3de4c0b324d20c40fc1be2a3f995f6e60ae974d620552fa9d1ce32bbb80201de45fe48ce3b
SSDEEP

1536:SgfLUDtzkT1Lk6JF5g2rHGHfqKfq/oieDnLQdKfDwMrU1ms46KWUiG4:SgAug2rQWerL7ns49WUiF

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  5823a8ae676989d3f2710c9e8548007f
- Size
  
  98KB
- MD5
  
  5823a8ae676989d3f2710c9e8548007f
- SHA1
  
  e726d0970b57de22a0f4b717dd2ad77ffa296e30
- SHA256
  
  d4b97b1e59e99235af7aae89b12d3c20d7648f22b4ba924eedbbbdbc7c0d9405
- SHA512
  
  05a1d6af5b9e2c4976ada7c5bb15e515190e85c628d314eaadd77b3de4c0b324d20c40fc1be2a3f995f6e60ae974d620552fa9d1ce32bbb80201de45fe48ce3b
- SSDEEP
  
  1536:SgfLUDtzkT1Lk6JF5g2rHGHfqKfq/oieDnLQdKfDwMrU1ms46KWUiG4:SgAug2rQWerL7ns49WUiF
Score

8^/10

evasion
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2