c0b77de896133569046a645842e58b0e3a9b8d3777cfd53c5f32d4a36626b7f5 | Triage

Sharing

General

Target

c0b77de896133569046a645842e58b0e3a9b8d3777cfd53c5f32d4a36626b7f5
Size

130KB
Sample

221124-e2jp9acc21
MD5

eba3d9997a47d2a87bcc346de4682ac1
SHA1

cd2b4b82a411a80d367cc0ac7aa840a15fb9b116
SHA256

c0b77de896133569046a645842e58b0e3a9b8d3777cfd53c5f32d4a36626b7f5
SHA512

a4851bd74b043a3f2ba9fb1dfc4fa03dc017efc28f7fedb44e0c4bce63ae0105778e353c7ff8f03381325e2055a9bce76051852a894abcafb3da128761b7f15a
SSDEEP

3072:TbBKvUTMOSaL1TlrjmTl3XymSPTd+S5ORY+EQ:TbB+nba/mpnCdiRY+P

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1_1_kundencenter_mobilfunk_2014_11_de_0209_0000328362_2761287_12_78_009_2876237820002.exe
- Size
  
  176KB
- MD5
  
  d33f661fae5b24ca9152f53eb3ba454f
- SHA1
  
  fe1eaae53e4633b71c24a3b1ea904e9a1577fbda
- SHA256
  
  a5aa85ab001ccdba52e68a873881687c5eb9c199abba2ed7c163124401240e55
- SHA512
  
  fa02c4c5e56ff4301b7e55592b40f6b07de742e3d8aad193db1b54a7e597c2fd3267bcfaff0d4bfd19a66a6f3d2fefe9f55c2b06db7aceab7c701e2c7a963cbf
- SSDEEP
  
  3072:YGwR1qmB1T0gHtMFLa6IKYa5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:sKla6IKx3mdnCNAwo42M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2