949644755b55cbc830c338e2f0c5ab32dcc8bccde01f75e20ad5c11d9f0474cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

949644755b55cbc830c338e2f0c5ab32dcc8bccde01f75e20ad5c11d9f0474cf
Size

120KB
Sample

221124-ely51afh88
MD5

d452f2ba9fd1d2a9accc0d14eb301a6d
SHA1

c56470e9a13196a6b869a662bee4c510c078503e
SHA256

949644755b55cbc830c338e2f0c5ab32dcc8bccde01f75e20ad5c11d9f0474cf
SHA512

1a5593e9c658cfb5f774625308fa8c6454f2da3cdd38a85c335618ecde6022cb1d024ecd54a7bd642ef9ddb12032be96038949cf2be29dbf7b012b5e5d002be0
SSDEEP

1536:MPBT1OUB3Fi01RWm2l4w6qyljoe40bOasuWwWQVjwZdNKNanN/C+ZZ33fgNwQfPm:oOUB3FicRPB9lsQJ8Zd4Nan8WoNw42d7

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe
- Size
  
  148KB
- MD5
  
  465fcd4e9e58bd34e14ff1d08f25b182
- SHA1
  
  5c53599441649c0d456002165a420fe866ae0d07
- SHA256
  
  c618529d3c965f88021d712e57a49a69792818a3cdcb438cb0066af974f6ebb7
- SHA512
  
  909907b7c4ba4e7da005694fb96a848177e8c17a3eff95fb5a594a7231006bd114f24b2d6f6f37cf34b872adb33dd8ce6c150bfe74a46f04d75451dbfa331448
- SSDEEP
  
  3072:/ITf9bPB8JYwsQ18Zd4Nan8WgBspI9ozuPG7:YVLKYYeA72W9oyPq
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2