General
-
Target
e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253
-
Size
220KB
-
Sample
210802-mb3ws1dgre
-
MD5
8ba293749c97cbf48f30f02c66d3406d
-
SHA1
6a7492a26d0a16320daa2cb187232fc0053f4f5f
-
SHA256
e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253
-
SHA512
041e3f65fcb877eb19f5d63cb79d2eb6327ee4b06191a3a4202a736fb6215cd2b2b5c436c081b0165acf2b1b0341c8c551bbf166f8f46ce48fedd7d23ff74049
Static task
static1
Behavioral task
behavioral1
Sample
e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253
-
Size
220KB
-
MD5
8ba293749c97cbf48f30f02c66d3406d
-
SHA1
6a7492a26d0a16320daa2cb187232fc0053f4f5f
-
SHA256
e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253
-
SHA512
041e3f65fcb877eb19f5d63cb79d2eb6327ee4b06191a3a4202a736fb6215cd2b2b5c436c081b0165acf2b1b0341c8c551bbf166f8f46ce48fedd7d23ff74049
Score10/10-
suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 131.253.18.11-12
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-