07b39ffa07fb6be0bb14b3804d0d842b7e7b9287a951ba9a46d415926318fbed | Triage

Sharing

General

Target

07b39ffa07fb6be0bb14b3804d0d842b7e7b9287a951ba9a46d415926318fbed
Size

130KB
Sample

221124-e2gkwscc2x
MD5

8413cbe5e4996ae791c58a4b98c02dcb
SHA1

726fda1270217da0e70b321c5ab078d411801e36
SHA256

07b39ffa07fb6be0bb14b3804d0d842b7e7b9287a951ba9a46d415926318fbed
SHA512

eb6f9c24e7bf02962ce0d5aeb5c8fed6e3f1ed843c18a8dcea02775c26e535593c28725581fdccbdf39d5d6fc851909f06b8526fa83c81a061d53f92a7042d4d
SSDEEP

3072:3tYgtwCu+a9MMTb/OTlrjmPl3XymSPTTW6ulFoQea8OOB:VJa9MMf+m9nCTGkK8PB

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe
- Size
  
  176KB
- MD5
  
  13997ebf7af8d37dda6697ac03f76cc3
- SHA1
  
  9be2bcd498406bdfb05f860ad726273c4a7b4f3a
- SHA256
  
  11ecf58db103eb2ded5b942f303d48b5d77e336b8edfe335fa7b81264d1f50ef
- SHA512
  
  2894ef41ec784fb39ec663ff8ca5fa8c0ebbd875f95f6e2b843c8bca59d63cc7c43f64df43898290cef31c4b32478819f437fcc4656606d0f7cd4721c735ffee
- SSDEEP
  
  3072:rGwR1qmB1TQgHtMF5a6I4Ya5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:7KLa6I4x3mdnCNAwo42M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2