a578dede84666cb64e5281ea1f9c93812d8f3a3bb4cf270507bda38574a4f0e6 | Triage

Sharing

General

Target

a578dede84666cb64e5281ea1f9c93812d8f3a3bb4cf270507bda38574a4f0e6
Size

130KB
Sample

221124-e15akacb9w
MD5

4b4c0c78e5f4c90726f906a81adf5e7c
SHA1

8403a379baa11f68409c7dd1b27cf1c34843fd1b
SHA256

a578dede84666cb64e5281ea1f9c93812d8f3a3bb4cf270507bda38574a4f0e6
SHA512

0c00e4c3e51952faa42add339f635562014f606c11841699deac752a22770c80da4907d9c7abd9d5fb59523f7214613fc96158fb647b903db95d5c5e209883aa
SSDEEP

3072:8tYgtwCu+a9MMTb/OTlrjmPl3XymSPTTW6ulFoQea8OO+:CJa9MMf+m9nCTGkK8P+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1_1_kundencenter_mobilfunk_2014_11_de_0209_0000328362_2761287_12_78_009_2876237820002.exe
- Size
  
  176KB
- MD5
  
  13997ebf7af8d37dda6697ac03f76cc3
- SHA1
  
  9be2bcd498406bdfb05f860ad726273c4a7b4f3a
- SHA256
  
  11ecf58db103eb2ded5b942f303d48b5d77e336b8edfe335fa7b81264d1f50ef
- SHA512
  
  2894ef41ec784fb39ec663ff8ca5fa8c0ebbd875f95f6e2b843c8bca59d63cc7c43f64df43898290cef31c4b32478819f437fcc4656606d0f7cd4721c735ffee
- SSDEEP
  
  3072:rGwR1qmB1TQgHtMF5a6I4Ya5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:7KLa6I4x3mdnCNAwo42M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2