74fdcba4caa4f19b144eccc68728ac49e62072adcb94d083a4244007fc6bc91b | Triage

Sharing

General

Target

74fdcba4caa4f19b144eccc68728ac49e62072adcb94d083a4244007fc6bc91b
Size

130KB
Sample

221124-e2bdwaha53
MD5

465d9fef0d9450598b682a460acb1c61
SHA1

ce8a6149c41e6c25aa4040bcda01c7ba1156258c
SHA256

74fdcba4caa4f19b144eccc68728ac49e62072adcb94d083a4244007fc6bc91b
SHA512

d20b24b2c25c5be3f4b1101f6f79247fb5ab1b8e3d54b1de8f31acc9ff4fa5764df60b02a1df9fd15176ed887d892d3248435c85c400b42191d5a2ac9c48d1fa
SSDEEP

3072:GtYgtwCu+a9MMTb/OTlrjmPl3XymSPTTW6ulFoQea8OOG:AJa9MMf+m9nCTGkK8PG

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_vodafone_de_2014_11_930370025_023870007_11_de_0000003837_888830.exe
- Size
  
  176KB
- MD5
  
  13997ebf7af8d37dda6697ac03f76cc3
- SHA1
  
  9be2bcd498406bdfb05f860ad726273c4a7b4f3a
- SHA256
  
  11ecf58db103eb2ded5b942f303d48b5d77e336b8edfe335fa7b81264d1f50ef
- SHA512
  
  2894ef41ec784fb39ec663ff8ca5fa8c0ebbd875f95f6e2b843c8bca59d63cc7c43f64df43898290cef31c4b32478819f437fcc4656606d0f7cd4721c735ffee
- SSDEEP
  
  3072:rGwR1qmB1TQgHtMF5a6I4Ya5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:7KLa6I4x3mdnCNAwo42M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2