General
-
Target
765e7c536aaca5b29228227b7e4c0c54
-
Size
257KB
-
Sample
240126-eyjabadhh6
-
MD5
765e7c536aaca5b29228227b7e4c0c54
-
SHA1
d4aac6b46ae174d4adff8c114ab4eb6f957f2ce8
-
SHA256
bcde1a1b358288bda4eeb85088703c509df57719c60b5417d4c1c56bdc631d24
-
SHA512
580318010e0f98419eea5a40d11d933280bb10a05d918edd331b57b5fd054b1141465b8c1ab3dfba99d633416496f0ec248398156d38f297ca1ea5a411848efa
-
SSDEEP
6144:SNCMjUidDzOW8qGt8WP9Itvy5UnByKtIr89VhsKCAArs5Jn7u:SkMjFOW8q6JVItvtnB4rWhsKCAArs5JK
Malware Config
Targets
-
-
Target
765e7c536aaca5b29228227b7e4c0c54
-
Size
257KB
-
MD5
765e7c536aaca5b29228227b7e4c0c54
-
SHA1
d4aac6b46ae174d4adff8c114ab4eb6f957f2ce8
-
SHA256
bcde1a1b358288bda4eeb85088703c509df57719c60b5417d4c1c56bdc631d24
-
SHA512
580318010e0f98419eea5a40d11d933280bb10a05d918edd331b57b5fd054b1141465b8c1ab3dfba99d633416496f0ec248398156d38f297ca1ea5a411848efa
-
SSDEEP
6144:SNCMjUidDzOW8qGt8WP9Itvy5UnByKtIr89VhsKCAArs5Jn7u:SkMjFOW8q6JVItvtnB4rWhsKCAArs5JK
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-