4abcad289f00239cc8a27382f6bf0e0a4cc4befed374538af08c8646fb0700aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4abcad289f00239cc8a27382f6bf0e0a4cc4befed374538af08c8646fb0700aa
Size

123KB
Sample

221124-e3qvyshb76
MD5

a5d124eb605ff70853a17e9c85dcb17d
SHA1

3732a162ad9d380047c618dcb3664529277a53c5
SHA256

4abcad289f00239cc8a27382f6bf0e0a4cc4befed374538af08c8646fb0700aa
SHA512

f009216509eaec8ea415a3dd0115a3834aaf19f4fde14128bde499faa1aaefc4eeedb8254c3656d7730ab3eebbc8ad0ed8e003b98bbed7c7a05eb7e2e791e784
SSDEEP

3072:lIASLwrcXBU294eXsy3cvf5ftCC6ofPnPK5dTLiwCOv8G7C6U/Cg4c/:lIjLQcd94GZcXgoHPKLF8Cm4a

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe
- Size
  
  172KB
- MD5
  
  2e50626df6751bab96f40af4c6c2464b
- SHA1
  
  73636c748395cf1aad311f6793c49a5a7a00ee88
- SHA256
  
  99f799cc409531447bc2f55c27801dc6f15cfbd0c537bbff03af66af8461e67d
- SHA512
  
  2e720cf598cb219e336c2088e41be9848772af20767ff1a83d4560c0629135db2fecaac3af4a0487268183d70cc0153c44cddab247ecddcb21c835fc8c8c1683
- SSDEEP
  
  3072:qa4UKMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:q3qXxI+4GZcXgohPKLF8Coh
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2