7d23428cfdf148f0a7938252849e12b6652ea1da6b3a41ca8bdb1a23c34cb4a6 | Triage

Sharing

General

Target

7d23428cfdf148f0a7938252849e12b6652ea1da6b3a41ca8bdb1a23c34cb4a6
Size

129KB
Sample

221124-3adlxsfa66
MD5

7c6b14d9e9691c8ad2300a25d5167436
SHA1

bf556689dfb3cfb7410de2295d1b18cdee7e7dc7
SHA256

7d23428cfdf148f0a7938252849e12b6652ea1da6b3a41ca8bdb1a23c34cb4a6
SHA512

2f4151f9def92e952b60388ae1928850842551e858e0f84cc8f4cec8889115ae14985ec4cd2c26459dbb2e2c12e19603b285943f4244fc1bf09f49a0a1919cf6
SSDEEP

3072:I0vuMIfhVvUgRh13oreqjc2K9FZn0f1MsWEjDbIpNF13F:IGdIwcheOFZ0fGL/NF9F

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_pdf_telekom_00002383882_november_002818273_11_0000000392_000005.exe
- Size
  
  204KB
- MD5
  
  bf08a33a6aa04fd576d4661bfe409d63
- SHA1
  
  33bac2b5647c3cf464e5b2cbd7e108aa75877be9
- SHA256
  
  796c421ab9d0cb0b7e2de528cc7535c3eccabb31c888a04796593654ec37a0e2
- SHA512
  
  4f11e2e9e606c68afaa534f700f54706f1ce23e99c42398a09e4df7a2481a8c6b07f6ffb2d19db5b2dc2fea7e5b6488692af5eeac52e16ae2b13062d8a3c8140
- SSDEEP
  
  3072:KbbbeGI6JRubMVHhRJO13oreqjc2K9FZn0f1MsWzdT6V:hGLRdVHheeOFZ0fGL16V
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2