General
-
Target
d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
-
Size
140KB
-
Sample
241122-e5qmzazqfq
-
MD5
02a93781de1b642b89e9617ae9e1e733
-
SHA1
dfd8eed9bab5377c2155c310ea610f28d85ded38
-
SHA256
d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
-
SHA512
2587c1efe70d923f0e8bf399733eea61d20f68fe885686167262e6a0f2c7b48f88be5ed0aff7d1431afede0f93660d5c02afa62581e62e81ac7ab394ed30f277
-
SSDEEP
3072:F/nU3TQCUKnNlF7ZrHRiaL9qJdZre4/6SRkBK0IocitaoLBms:W38Cb7pqtK42BK0ltpdm
Malware Config
Targets
-
-
Target
d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
-
Size
140KB
-
MD5
02a93781de1b642b89e9617ae9e1e733
-
SHA1
dfd8eed9bab5377c2155c310ea610f28d85ded38
-
SHA256
d426c1111731c93fabcb8e78d9bfd62ac31b391033a6117d02efcbb0db5e40a6
-
SHA512
2587c1efe70d923f0e8bf399733eea61d20f68fe885686167262e6a0f2c7b48f88be5ed0aff7d1431afede0f93660d5c02afa62581e62e81ac7ab394ed30f277
-
SSDEEP
3072:F/nU3TQCUKnNlF7ZrHRiaL9qJdZre4/6SRkBK0IocitaoLBms:W38Cb7pqtK42BK0ltpdm
Score10/10-
Modifies security service
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1