5dcc0631b89dc4c6265a07489f0adeab2a534caae2e24981f2de7f77d55ac91d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dcc0631b89dc4c6265a07489f0adeab2a534caae2e24981f2de7f77d55ac91d
Size

131KB
Sample

221124-e5y94sce6t
MD5

cb3c244f79585f44f6d66100141455d4
SHA1

ef180170d1777298e4c2bb6a3ef1e144243d0409
SHA256

5dcc0631b89dc4c6265a07489f0adeab2a534caae2e24981f2de7f77d55ac91d
SHA512

c7086857544bd61ea8469e934a483df481b7fe931a7fc78356396eeeebf7e84c24ba81f473433e1a2776f05cdedef1d5e454643f7b721e8da41231df479efd8d
SSDEEP

3072:Pu6T+2kftII4637xogGYkMPVOgiaNUDRYUiG4UD:fBkfTLsMPVOzaODRem

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe
- Size
  
  172KB
- MD5
  
  b3746da8e9565cdc99309bb7ab4981cb
- SHA1
  
  eef70319961f720e69e6814e8b0ec30860617e47
- SHA256
  
  318da5393b33eecd56b85758d52f3baf0a01e19c979c910099e61da6b86099b0
- SHA512
  
  1b8c90c6ec5c2ef523522acb6cd04f9c618e3cf2a072d982caac191c1f78f862e54637365da324b3917903c9104fda5af0e68f6fcd1043d439abee9c419263e6
- SSDEEP
  
  3072:LRSCwISjY+sxh2IMI4637xoSGYkMPVOgiaN1Tbll2uyjn:LRmLjY+szrLkMPVOza7TS
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2