General
Target: d5c0204c353df61ec441c834c56c4b03
Size: 243KB
Sample: 240319-k9c6bsgg4y
MD5: d5c0204c353df61ec441c834c56c4b03
SHA1: 4df64a5b956fb7b67bb5489bd069b755cd535f2a
SHA256: dffde103274f93ec565bc1f394c6b94bea9c0d0c7dc9283a5b61d9adba348eba
SHA512: 86aa77d0d8db09e16e6158606e67a1bff81b58ea7c9432104e508b888a0235f5b3959d16d17f99a2ffd8dcdbf57715f77ae51843b62e6c7aa9f052a14bdf0208
SSDEEP: 6144:Q0a3JZG91AD8A28YoJCoIahGg69dAAxg3gzN3:Q0UGYeOXh3eAAig5
Static task: static1
Behavioral task: behavioral1
Sample: d5c0204c353df61ec441c834c56c4b03.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d5c0204c353df61ec441c834c56c4b03.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
Modifies WinLogon for persistence
Deletes itself
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Suspicious use of SetThreadContext