3a62b51fc4bcee21bb5d1df1b492167dc47f9510f110c1e86c05534ab9be6a1c | Triage

Sharing

General

Target

3a62b51fc4bcee21bb5d1df1b492167dc47f9510f110c1e86c05534ab9be6a1c
Size

130KB
Sample

221124-e2erascc2w
MD5

03ba14ee33444f971d0cae911a38e3bd
SHA1

45e28f774234cd5e4cb5b6a68eeffb0db9aef7a0
SHA256

3a62b51fc4bcee21bb5d1df1b492167dc47f9510f110c1e86c05534ab9be6a1c
SHA512

254820cf4371e83f2f23c91ae2f8965e797858e1e2872779394f112204d23fafb7df7a82ceba6ab4a150c5d36ec9cf2ea72edbb2e7a1b38a59ad9fa809217148
SSDEEP

3072:gtYgtwCu+a9MMTb/OTlrjmPl3XymSPTTW6ulFoQea8OOy:GJa9MMf+m9nCTGkK8Py

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1_1_kundencenter_mobilfunk_2014_11_de_0209_0000328362_2761287_12_78_009_2876237820002.exe
- Size
  
  176KB
- MD5
  
  13997ebf7af8d37dda6697ac03f76cc3
- SHA1
  
  9be2bcd498406bdfb05f860ad726273c4a7b4f3a
- SHA256
  
  11ecf58db103eb2ded5b942f303d48b5d77e336b8edfe335fa7b81264d1f50ef
- SHA512
  
  2894ef41ec784fb39ec663ff8ca5fa8c0ebbd875f95f6e2b843c8bca59d63cc7c43f64df43898290cef31c4b32478819f437fcc4656606d0f7cd4721c735ffee
- SSDEEP
  
  3072:rGwR1qmB1TQgHtMF5a6I4Ya5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:7KLa6I4x3mdnCNAwo42M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2