General
-
Target
setup.exe
-
Size
31.7MB
-
Sample
241221-r6vpja1qel
-
MD5
c9cb2ab238b85bef33a7c9708bc11bab
-
SHA1
5ac1c74ef46442c318eebff12b3040f4384af845
-
SHA256
8fa8de0a86ed14662dda7d8e1ae24ef5950ff87c5525f3d801691cdd34279387
-
SHA512
ea2457277b1a3871cb531353b3377cbb7b547c0e86be9072120b43f34a44054f1fea9caae5eb8f1c59de5ec5127b4c61046631be8253d180fdceced7d67dc7bf
-
SSDEEP
786432:Twmur2zWxJcxqbtMyipVTXbByGHpm0UStynQNzxEjR4VzP:o0WxqxqZMFX5pxPzCYP
Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
setup.exe
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1