056aebb2ab53272f975677af427ec532e952a9bfa370b95a3c1b641e4318b672 | Triage

Sharing

General

Target

667f26309a807ef00e3b4d193aedf9d5
Size

161KB
Sample

240119-bfrxysccaq
MD5

667f26309a807ef00e3b4d193aedf9d5
SHA1

8d3a19531380dd9f4eeb989d6df76a754bf4812a
SHA256

056aebb2ab53272f975677af427ec532e952a9bfa370b95a3c1b641e4318b672
SHA512

1e32b54714f2bbe25347d8cbafc992ea6d8c5d16e9fcc7352223379fcefefa7625cd6db35cc7be8cd89a9efd418f2114f40bdafd8f6c896322a14053bdd7b203
SSDEEP

3072:2v+ACHDM1yHuxb9mWpXwWn4aSc0Pcg0J/MUYyymgp07KQO:ACHUVxb9mSXrSjl0Jdd7Kz

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  667f26309a807ef00e3b4d193aedf9d5
- Size
  
  161KB
- MD5
  
  667f26309a807ef00e3b4d193aedf9d5
- SHA1
  
  8d3a19531380dd9f4eeb989d6df76a754bf4812a
- SHA256
  
  056aebb2ab53272f975677af427ec532e952a9bfa370b95a3c1b641e4318b672
- SHA512
  
  1e32b54714f2bbe25347d8cbafc992ea6d8c5d16e9fcc7352223379fcefefa7625cd6db35cc7be8cd89a9efd418f2114f40bdafd8f6c896322a14053bdd7b203
- SSDEEP
  
  3072:2v+ACHDM1yHuxb9mWpXwWn4aSc0Pcg0J/MUYyymgp07KQO:ACHUVxb9mSXrSjl0Jdd7Kz
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2