General
-
Target
95a34321e790feaa5eb52be7407a6b78
-
Size
245KB
-
Sample
240206-2k27labgdl
-
MD5
95a34321e790feaa5eb52be7407a6b78
-
SHA1
17ab8f6c2952544475fd3d3907b083fe950e3694
-
SHA256
263f626328b872985dd8839942eed9401dec0db6196052bff5c30286d2dd5d99
-
SHA512
7b469d892d481924302be8c9e66771bfe5db89e4ee168de49a7ee26133c97b432abb1c17d7b4262307a6dfaa3f862562267fa448c92b557982e1db8ddaa0287e
-
SSDEEP
6144:UA4nSSpKnK7b+1Czdh3/0VZ494C78ELJfdjy:D4nBoKvDzz8VvgJF1jy
Static task
static1
Behavioral task
behavioral1
Sample
95a34321e790feaa5eb52be7407a6b78.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
95a34321e790feaa5eb52be7407a6b78.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
Target
95a34321e790feaa5eb52be7407a6b78
Score
10/10
-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-