f14a5314cdb6a3d4ca8482a48ef390d66d2aba974c30acc6cea6c4ebfba5b08f | Triage

Sharing

General

Target

f14a5314cdb6a3d4ca8482a48ef390d66d2aba974c30acc6cea6c4ebfba5b08f
Size

131KB
Sample

221124-e6el4ace9v
MD5

ba789401ea92cd678896059e1806df5e
SHA1

00bde3c74ecab580443222d351a075ee006e3a3d
SHA256

f14a5314cdb6a3d4ca8482a48ef390d66d2aba974c30acc6cea6c4ebfba5b08f
SHA512

de36df058acba6f0dc2527a48c4c9c946e9fc8b9981f2118ecdcdf2d52c21aa4fc5dba1dd8134a279fbf854b56cd3aa2664e56754ab6716f4f3e1dba48b4eabe
SSDEEP

3072:f+A6gUofzsi96Up164tnYl82gGtIVcrpJkYgST:fP6gN8K8iCIGtOcrLkiT

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_transaktions_id_000000039190_de_398000283221_0033565020_029389227_92_200001.exe
- Size
  
  172KB
- MD5
  
  c06b551f110824f92f7dd6e1e286338b
- SHA1
  
  b1451aabe43b20ddfe11ba08cda0716a47cf9fe6
- SHA256
  
  0fdc5af087744ec47f94d6d98b05c2f018a5b16bb097a7826f096bc6f7ffd92f
- SHA512
  
  4ae0cee0c75e61be40d33635b658d3ea0e074b7f4246a037da60ee6075906583b532236e41e1a3910684b9d8b71fecbcdadc1f9249bacf94b7726818cfbdc576
- SSDEEP
  
  3072:Lw0CwITzueTD9d0h06Up164tnYx82gGtjdkruyjn:LwYuzue/9+hpK8i4IGtj4
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2