General
- Target: 5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937
- Size: 173KB
- Sample: 241102-z8e1vsymgk
- MD5: ee2c750d7ec3042b9d4d4904dc3b1320
- SHA1: 8d5e00a8df5dd76957887b868d818104d88d564f
- SHA256: 5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937
- SHA512: ed72977df055de5d1fdc605d90b55664c0d40703925d9d3494173465541764d40b8e30578b8e7b7a1ee7d43e61d7da40f977ef7e7e5870cd84d9e5bf87003206
- SSDEEP: 3072:C5VK0lTSG9xoC+CQpiU5M8U3mjfv2JxhGtBx0N4w:d0T9xB+CUamjfvIxhGtB6N
Behavioral tasks
- behavioral1: Sample 5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937.dll, Resource win7-20240903-en
- behavioral2: Sample 5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937.dll, Resource win10v2004-20241007-en
Malware Config
Targets
- Target: 5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937
- Size: 173KB
- MD5: ee2c750d7ec3042b9d4d4904dc3b1320
- SHA1: 8d5e00a8df5dd76957887b868d818104d88d564f
- SHA256: 5763fff8f76f0a7b3f79577c4ae70766d6fda126a16cb6ae65486be5bbc95937
- SHA512: ed72977df055de5d1fdc605d90b55664c0d40703925d9d3494173465541764d40b8e30578b8e7b7a1ee7d43e61d7da40f977ef7e7e5870cd84d9e5bf87003206
- SSDEEP: 3072:C5VK0lTSG9xoC+CQpiU5M8U3mjfv2JxhGtBx0N4w:d0T9xB+CUamjfvIxhGtB6N
Signatures
- Blackmoon family
- Detect Blackmoon payload
- Gh0st RAT payload
- Gh0strat family
- Creates a large amount of network flows: may indicate a network scan to discover remotely running services.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Server Software Component: Terminal Services DLL
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: traffic on the DNS port to servers other than the configured DNS servers was detected.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-hijacking injection)
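The two network signatures above ("Creates a large amount of network flows" and "Unexpected DNS network traffic destination") are easy to reproduce on your own flow logs. The following is an added example, not code from the sandbox or from the malware: it runs both checks over a small set of constructed flow records (the resolver address 10.0.0.2, the process IDs and the destination addresses are all assumed), flagging port-53 traffic to anything other than the configured resolver and a process whose distinct (ip, port) target count inside a time window looks like a sweep rather than normal client traffic.

```python
"""Flow-level versions of two sandbox signatures listed above:
'Creates a large amount of network flows' (scan-like fan-out from one
process) and 'Unexpected DNS network traffic destination' (port-53 traffic
to hosts that are not the configured resolvers). Added example, not code
from the sandbox; the flow records and resolver address are constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds since the start of the run
    pid: int        # process that opened the flow
    proto: str      # "tcp" or "udp"
    dst_ip: str
    dst_port: int


# Resolver handed out by the (hypothetical) sandbox network, assumed here.
CONFIGURED_DNS = {"10.0.0.2"}

# Constructed flows: pid 1234 sweeps 30 hosts on 445/tcp over 30 seconds,
# pid 4321 does one normal lookup, one lookup to a non-resolver on 53/udp,
# and one HTTP connection. Addresses are from documentation ranges.
SAMPLE_FLOWS = (
    [Flow(float(i), 1234, "tcp", f"10.0.0.{i}", 445) for i in range(1, 31)]
    + [
        Flow(1.0, 4321, "udp", "10.0.0.2", 53),
        Flow(1.5, 4321, "udp", "203.0.113.7", 53),
        Flow(2.0, 4321, "tcp", "203.0.113.9", 80),
    ]
)


def unexpected_dns_destinations(flows, configured_dns):
    """Flows on the DNS port whose destination is not a configured resolver.
    Catches both DNS tunnelling to an attacker resolver and C2 that simply
    hides on port 53; a real deployment should look at tcp/53 as well."""
    return [f for f in flows if f.dst_port == 53 and f.dst_ip not in configured_dns]


def scan_like_processes(flows, window_s=60.0, min_targets=20):
    """Map pid -> peak number of distinct (ip, port) targets seen inside any
    window_s-second window, for pids whose peak reaches min_targets. Uses a
    sliding window with per-target counts so a target is only forgotten
    once its last flow has aged out of the window."""
    by_pid = defaultdict(list)
    for f in flows:
        by_pid[f.pid].append(f)
    hits = {}
    for pid, pid_flows in by_pid.items():
        pid_flows.sort(key=lambda f: f.ts)
        in_window = Counter()
        left = 0
        peak = 0
        for f in pid_flows:
            in_window[(f.dst_ip, f.dst_port)] += 1
            while f.ts - pid_flows[left].ts > window_s:
                old = pid_flows[left]
                key = (old.dst_ip, old.dst_port)
                in_window[key] -= 1
                if in_window[key] == 0:
                    del in_window[key]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            hits[pid] = peak
    return hits


if __name__ == "__main__":
    for f in unexpected_dns_destinations(SAMPLE_FLOWS, CONFIGURED_DNS):
        print(f"unexpected DNS destination: pid={f.pid} {f.dst_ip}:{f.dst_port}/{f.proto}")
    for pid, n in scan_like_processes(SAMPLE_FLOWS).items():
        print(f"scan-like fan-out: pid={pid} reached {n} distinct targets")
```

The thresholds (20 targets in 60 seconds) are a starting point, not a tuned value: a browser or an update agent can legitimately fan out to a few dozen hosts, so baseline per process image before alerting, and treat a sweep across one port on consecutive addresses as a stronger signal than the raw count.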
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
- Event Triggered Execution (T1546): Netsh Helper DLL (T1546.007), 1 hit
- Server Software Component (T1505): Terminal Services DLL (T1505.005), 1 hit
Privilege Escalation
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
- Event Triggered Execution (T1546): Netsh Helper DLL (T1546.007), 1 hit
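Two of the mapped techniques, Terminal Services DLL (T1505.005) and Netsh Helper DLL (T1546.007), leave their footprint in the registry, so a host can be triaged for them from saved `reg query` output. The following is an added example and not part of the sandbox report: it parses the text printed by `reg query` (an unindented key line followed by indented name/type/data rows; that layout is assumed here), then flags a TermService ServiceDll that is not the stock termsrv.dll and any netsh helper outside an assumed baseline of stock helper DLLs. The sample output, the helper baseline and the DLL names hypothetical.dll and hypothetical_helper.dll are all constructed for the example.

```python
"""Host-side check for the two registry-backed persistence techniques in the
ATT&CK mapping above: Terminal Services DLL (T1505.005, the TermService
ServiceDll value redirected to another DLL) and Netsh Helper DLL (T1546.007,
an extra helper registered under HKLM\\SOFTWARE\\Microsoft\\NetSh). Added
example, not part of the sandbox report. It parses the text format printed
by `reg query <key>` (an unindented key line followed by indented
`name  type  data` rows; format assumed here) so it runs offline on saved
output. The sample output and the DLL names in it are constructed."""
import re

TERMSRV_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters"
NETSH_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh"
# Stock value and its expanded form on a default install (assumed C:\Windows).
EXPECTED_TERMSRV_DLLS = {
    r"%systemroot%\system32\termsrv.dll",
    r"c:\windows\system32\termsrv.dll",
}
# Assumed baseline of stock netsh helpers; capture the real list from a
# known-good host of the same build before relying on it.
NETSH_ALLOWLIST = {
    "authfwcfg.dll", "dhcpcmonitor.dll", "dot3cfg.dll", "fwcfg.dll", "hnetmon.dll",
    "ifmon.dll", "netiohlp.dll", "nettrace.dll", "nshhttp.dll", "nshipsec.dll",
    "nshwfp.dll", "p2pnetsh.dll", "peerdistsh.dll", "rasmontr.dll", "rpcnsh.dll",
    "wcnnetsh.dll", "whhelper.dll", "wlancfg.dll", "wshelper.dll", "wwancfg.dll",
}

# Constructed `reg query` output showing both techniques present.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Windows\System32\hypothetical.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh
    ifmon    REG_SZ    ifmon.dll
    rasmontr    REG_SZ    rasmontr.dll
    wlancfg    REG_SZ    wlancfg.dll
    hypothetical_helper    REG_SZ    C:\ProgramData\hypothetical_helper.dll
"""


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query` text.
    Rows are split on runs of two or more spaces (reg.exe pads with four), so
    data containing single spaces survives intact."""
    keys, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():           # key path line
            current = raw.strip()
            keys.setdefault(current, {})
            continue
        parts = re.split(r"\s{2,}", raw.strip(), maxsplit=2)
        if current is None or len(parts) < 2:
            continue
        name, typ = parts[0], parts[1]
        data = parts[2] if len(parts) == 3 else ""
        keys[current][name] = (typ, data)
    return keys


def _norm(path):
    return path.strip().strip('"').lower()


def check_termservice(reg):
    """Flag a TermService ServiceDll that is not the stock termsrv.dll."""
    values = reg.get(TERMSRV_KEY, {})
    if "ServiceDll" not in values:
        return []
    _typ, data = values["ServiceDll"]
    if _norm(data) in EXPECTED_TERMSRV_DLLS:
        return []
    return [f"TermService ServiceDll is {data!r}, not termsrv.dll (T1505.005)"]


def check_netsh_helpers(reg, allowlist=NETSH_ALLOWLIST):
    """Flag helpers outside the stock baseline or registered by full path
    (stock helpers are bare file names loaded from System32)."""
    findings = []
    for name, (_typ, data) in reg.get(NETSH_KEY, {}).items():
        dll = _norm(data)
        if "\\" in dll or dll not in allowlist:
            findings.append(f"netsh helper {name!r} -> {data!r} not in baseline (T1546.007)")
    return findings


def find_persistence(reg_query_text):
    reg = parse_reg_query(reg_query_text)
    return check_termservice(reg) + check_netsh_helpers(reg)


if __name__ == "__main__":
    for finding in find_persistence(SAMPLE_REG_OUTPUT):
        print(finding)
```

On a live host, feed it the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters` and `reg query HKLM\SOFTWARE\Microsoft\NetSh`. A hit on ServiceDll is only the start of triage: also hash the DLL it points to and compare it with the signed termsrv.dll in System32, since the page's "Drops file in System32 directory" signature shows the replacement can sit next to the original.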