Overview

overview

10

Static

static

3

2024-11-13...ia.exe

windows7-x64

10

2024-11-13...ia.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-13_d1acdbb272c6f96b26e20023071adea9_mafia

  • Size

    527KB

  • Sample

    241113-fzeh7axaql

  • MD5

    d1acdbb272c6f96b26e20023071adea9

  • SHA1

    74a0c897226375d8fc1bfc12cb880495b150fd46

  • SHA256

    20c28cb39fd3066baf186bb0ff59461adcd254e725c4146b7687686daf6e9c70

  • SHA512

    48cbfdb1c98876d3cdd32b398c1baa716233a519f49a849d301595cce0d118c87b100302b23955c54f679c590ddbc1e16b83f11283d2f944807be3e2251143a1

  • SSDEEP

    12288:fU5rCOTeidDJZKzBk6TiyoCw9P1yey+jDZu:fUQOJdDJZKzB6/t99yePjDo

Score
10/10
anchordnsbackdoordiscovery

Malware Config

Targets

    • Target

      2024-11-13_d1acdbb272c6f96b26e20023071adea9_mafia

    • Size

      527KB

    • MD5

      d1acdbb272c6f96b26e20023071adea9

    • SHA1

      74a0c897226375d8fc1bfc12cb880495b150fd46

    • SHA256

      20c28cb39fd3066baf186bb0ff59461adcd254e725c4146b7687686daf6e9c70

    • SHA512

      48cbfdb1c98876d3cdd32b398c1baa716233a519f49a849d301595cce0d118c87b100302b23955c54f679c590ddbc1e16b83f11283d2f944807be3e2251143a1

    • SSDEEP

      12288:fU5rCOTeidDJZKzBk6TiyoCw9P1yey+jDZu:fUQOJdDJZKzB6/t99yePjDo

    Score
    10/10
    anchordnsbackdoordiscovery

    • AnchorDNS Backdoor

      A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.

      backdooranchordns

    • Anchordns family

      anchordns

    • Detected AnchorDNS Backdoor

      Sample triggered yara rules associated with the AnchorDNS malware family.

      backdoor

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks