b68c4b5dc8f4d769ae6bdf70d40f89929021b442b96d62114dcae52061ad795d | Triage

Sharing

General

Target

b68c4b5dc8f4d769ae6bdf70d40f89929021b442b96d62114dcae52061ad795d
Size

123KB
Sample

221124-e36leacd4s
MD5

400c34b3542041da445e3feaaa7daf2a
SHA1

075af55eeeefe920e9046c6095f93ea3f2b86080
SHA256

b68c4b5dc8f4d769ae6bdf70d40f89929021b442b96d62114dcae52061ad795d
SHA512

777a3e5ca2a97190fcbb78636efde6e6d9436fd3a3ce313c06de8e3c2cfc6c5e75b4bfe493200753f41d5c603ba13fe4702f0785529b377ae52d1161ef97a0bf
SSDEEP

3072:1QSHcEIAZI4eXsy3cvf5ftCC6ofPjPK5dTLiwCOv8G7poEEcM5:1QSHxIAq4GZcXgoDPKLF8Cpo1cG

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe
- Size
  
  172KB
- MD5
  
  7ae552b119e733d998108725e33b8fd3
- SHA1
  
  d3c7ebaca0a527731ba611dcffce8dd163d0e885
- SHA256
  
  afcb82f94147382a98a3d67b695565114b2675e90eabb55b0c28f0efa0ef0712
- SHA512
  
  e8fd51702a69a820a32c23548ad1b7d131ea6f9a79021095317ef25d75f3143f68fd090fd177467021d2a9f940de8fab42769d90046621fad3cd6d5aae27fa8c
- SSDEEP
  
  3072:ba4ZKMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:b3bXxI+4GZcXgohPKLF8Coh
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2