9a5b1d0b07b40ec0cc2df2c47790ae49a6d85c009a57a73f20a4c830cefce2df | Triage

Sharing

General

Target

d8fbb68526394132a8d72ebf9fee635f
Size

147KB
Sample

240320-rcz26aab26
MD5

d8fbb68526394132a8d72ebf9fee635f
SHA1

4fa9de1e5b40dbc2c70ad36cbe73e04995a87313
SHA256

9a5b1d0b07b40ec0cc2df2c47790ae49a6d85c009a57a73f20a4c830cefce2df
SHA512

e72b888c291a7ad71d3933ccc051103ed26e02bc9ea71575e627a940c2264688fa9d72a30fb609a92b7c61794d4c90fc895acca19c4732826f27ab8098cad5cc
SSDEEP

3072:Awe1u7ffuWeMFTFbNwQpm/POBQlIN9STDJTp2ZL0gMarC9bOpCYQmJsY1:Ac7HB5Lb/pWPts9STJp24arC0CYQg1

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  003968f5.exe
- Size
  
  156KB
- MD5
  
  3a1f9e592937513387c9c1880f795757
- SHA1
  
  421b648186fb7be8e35c752f0aebf49aa0b702cb
- SHA256
  
  90922294e0c48386680d8bd3aa24f571746f2413c401c8b5e40a10e5dac859f2
- SHA512
  
  76a7693e5aaaabc25b1a9b036400617feeed5942cdae7fba9a8f5cccec22ab53140bd25f5f8e1a943a77dd49a02a49d03e4f3a62ae01e2d69b4be94185be5866
- SSDEEP
  
  3072:Z612XVqqVIAlGDInCOx7EVgeLCStSrsfp4ZdWh9NRI+JcMb8tyvl9RXECagIQCs7:I1MTZNiLCSSrc4ZdWh9tqit9WgFTDN1h
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2