8edd6f2c9954667aa3f0648587bf66b21c981af7987629cbb790fb556f6a0224 | Triage

Sharing

General

Target

8edd6f2c9954667aa3f0648587bf66b21c981af7987629cbb790fb556f6a0224
Size

123KB
Sample

221124-e4av5acd5t
MD5

aed9f422bdf853c45d43d2648d8beef2
SHA1

1915570afb2ad8859ebac0ec22bf1c2a1631beea
SHA256

8edd6f2c9954667aa3f0648587bf66b21c981af7987629cbb790fb556f6a0224
SHA512

7cf2e7d086a5dcad6edc06a8bbf3b6601463a196656cc1b1e5154bbd2a8cf070c7db23c565d0c62e8f139c938233a7b5c810640468b19d2a653b9bc4f3a7976a
SSDEEP

3072:sQSHcEIAZI4eXsy3cvf5ftCC6ofPjPK5dTLiwCOv8G7poEEcMs:sQSHxIAq4GZcXgoDPKLF8Cpo1cn

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe
- Size
  
  172KB
- MD5
  
  7ae552b119e733d998108725e33b8fd3
- SHA1
  
  d3c7ebaca0a527731ba611dcffce8dd163d0e885
- SHA256
  
  afcb82f94147382a98a3d67b695565114b2675e90eabb55b0c28f0efa0ef0712
- SHA512
  
  e8fd51702a69a820a32c23548ad1b7d131ea6f9a79021095317ef25d75f3143f68fd090fd177467021d2a9f940de8fab42769d90046621fad3cd6d5aae27fa8c
- SSDEEP
  
  3072:ba4ZKMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:b3bXxI+4GZcXgohPKLF8Coh
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2