7351147e7f1add344cb20f141dfae9e1831f21f1422a0f39a6bed2b68460f973 | Triage

Sharing

General

Target

73d6f2ac24b7d56fbc57027cc97b2533
Size

154KB
Sample

240125-f1458shah3
MD5

73d6f2ac24b7d56fbc57027cc97b2533
SHA1

22e6000efb3c8105523895cba69046e64c0ac7fb
SHA256

7351147e7f1add344cb20f141dfae9e1831f21f1422a0f39a6bed2b68460f973
SHA512

b98db9f01bd64e4d2b35d9c4a187ab90d6920be00e503cd97c6caf2d60743201300caf52ea08c6c7ae39cc56fc692a42c379bdb7a81653453712557c2078ed0e
SSDEEP

3072:5W74Xt/i0xBebAAcWU7oCtbBCYCIXbbeKxrjIjhIFh4HalmlNXBSpJ:5W7OZi0xB3zb+I2KxPGIFh46lmjcH

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  73d6f2ac24b7d56fbc57027cc97b2533
- Size
  
  154KB
- MD5
  
  73d6f2ac24b7d56fbc57027cc97b2533
- SHA1
  
  22e6000efb3c8105523895cba69046e64c0ac7fb
- SHA256
  
  7351147e7f1add344cb20f141dfae9e1831f21f1422a0f39a6bed2b68460f973
- SHA512
  
  b98db9f01bd64e4d2b35d9c4a187ab90d6920be00e503cd97c6caf2d60743201300caf52ea08c6c7ae39cc56fc692a42c379bdb7a81653453712557c2078ed0e
- SSDEEP
  
  3072:5W74Xt/i0xBebAAcWU7oCtbBCYCIXbbeKxrjIjhIFh4HalmlNXBSpJ:5W7OZi0xB3zb+I2KxPGIFh46lmjcH
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2