General
-
Target
dbe0502aa431a4db574e2bec4ffc1f74
-
Size
264KB
-
Sample
240321-r12kwsfc8s
-
MD5
dbe0502aa431a4db574e2bec4ffc1f74
-
SHA1
cae29735864259b21dc25ed2fd04d8da6fd13f6d
-
SHA256
c65ece430ed5094a3911a30b91823c4714925a19cb8081ab8680f23b79f70ae9
-
SHA512
c526292ccafe10c83031871037f3d3cb157bf3c9431d78dd3a273d3d3fa1364279b4ad5944b0ca64409ce7e57c50a72227f420dc0e735ecfcb94c6f8758bf7d8
-
SSDEEP
6144:mAAExK5ufKof8a6du0tof2cPc4F5jOUJtM3ZtyXC4ScK73:vAN8f4fuyoV5jfJq3LyXC4ScE
Malware Config
Targets
-
-
Target
dbe0502aa431a4db574e2bec4ffc1f74
-
Size
264KB
-
MD5
dbe0502aa431a4db574e2bec4ffc1f74
-
SHA1
cae29735864259b21dc25ed2fd04d8da6fd13f6d
-
SHA256
c65ece430ed5094a3911a30b91823c4714925a19cb8081ab8680f23b79f70ae9
-
SHA512
c526292ccafe10c83031871037f3d3cb157bf3c9431d78dd3a273d3d3fa1364279b4ad5944b0ca64409ce7e57c50a72227f420dc0e735ecfcb94c6f8758bf7d8
-
SSDEEP
6144:mAAExK5ufKof8a6du0tof2cPc4F5jOUJtM3ZtyXC4ScK73:vAN8f4fuyoV5jfJq3LyXC4ScE
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-