930030b63f99d1d28ed2a3c5cf4b1b5c3642520960936977b908eacdb82ea6b1 | Triage

Sharing

General

Target

930030b63f99d1d28ed2a3c5cf4b1b5c3642520960936977b908eacdb82ea6b1
Size

123KB
Sample

221124-e399lacd41
MD5

fd540e78cb228cd7751613bb28abbfce
SHA1

4a70dedd8e7b232e72c719cdf16a87eb01d0baaf
SHA256

930030b63f99d1d28ed2a3c5cf4b1b5c3642520960936977b908eacdb82ea6b1
SHA512

2b8132a239bdbe61d0c9162f3c15fd6cf57af8a5edabc499aba52302d3c2a9d5320b001699b90dd16c24881de4c94f192dd52eb02b6ba2068a871027562c54c2
SSDEEP

3072:RQSHcEIAZI4eXsy3cvf5ftCC6ofPjPK5dTLiwCOv8G7poEEcMJ:RQSHxIAq4GZcXgoDPKLF8Cpo1cC

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_vodafone_de_2014_11_930370025_023870007_11_de_0000003837_888830.exe
- Size
  
  172KB
- MD5
  
  7ae552b119e733d998108725e33b8fd3
- SHA1
  
  d3c7ebaca0a527731ba611dcffce8dd163d0e885
- SHA256
  
  afcb82f94147382a98a3d67b695565114b2675e90eabb55b0c28f0efa0ef0712
- SHA512
  
  e8fd51702a69a820a32c23548ad1b7d131ea6f9a79021095317ef25d75f3143f68fd090fd177467021d2a9f940de8fab42769d90046621fad3cd6d5aae27fa8c
- SSDEEP
  
  3072:ba4ZKMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:b3bXxI+4GZcXgohPKLF8Coh
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2