Overview

overview

10

Static

static

e2075b32b9...53.exe

windows7_x64

10

e2075b32b9...53.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

  • Size

    220KB

  • Sample

    210802-mb3ws1dgre

  • MD5

    8ba293749c97cbf48f30f02c66d3406d

  • SHA1

    6a7492a26d0a16320daa2cb187232fc0053f4f5f

  • SHA256

    e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

  • SHA512

    041e3f65fcb877eb19f5d63cb79d2eb6327ee4b06191a3a4202a736fb6215cd2b2b5c436c081b0165acf2b1b0341c8c551bbf166f8f46ce48fedd7d23ff74049

Score
10/10
persistencesuricata

Malware Config

Targets

    • Target

      e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

    • Size

      220KB

    • MD5

      8ba293749c97cbf48f30f02c66d3406d

    • SHA1

      6a7492a26d0a16320daa2cb187232fc0053f4f5f

    • SHA256

      e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

    • SHA512

      041e3f65fcb877eb19f5d63cb79d2eb6327ee4b06191a3a4202a736fb6215cd2b2b5c436c081b0165acf2b1b0341c8c551bbf166f8f46ce48fedd7d23ff74049

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 131.253.18.11-12

      suricata

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks