bc673b404b7f565bef5ce95d5870ba8703558f626724738957b944ef50d24ac1 | Triage

Sharing

General

Target

bc673b404b7f565bef5ce95d5870ba8703558f626724738957b944ef50d24ac1
Size

157KB
Sample

221124-en5qkabc8t
MD5

2a667361a4513e81ef924cf8d2c98695
SHA1

d73eb475ac28554cfd83d835e23a8d46c34a7fc9
SHA256

bc673b404b7f565bef5ce95d5870ba8703558f626724738957b944ef50d24ac1
SHA512

76878b4eebd44e38e800468d506732a2f1c92be95cbb46fe6fe119d4ee5840dbc1acf30043faf2a2bee161a710d5b3f6c5f126add43eb00a46ed815ff576f775
SSDEEP

3072:rGbm6W3JtM9b8GLTo2GHSKSXmLSScnE7SNZmZlNHs4e:P6WYRnOL5LSScz2s4e

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ihre_telekom_mobilfunk_december_2014_8320002103_12_01_910238002_1_9_3_7_001_002.exe
- Size
  
  204KB
- MD5
  
  d482374e81b35c6b2bba6ee71315e382
- SHA1
  
  c20efcbc5aa311b5ffb7fc18c97fccad043c22dc
- SHA256
  
  cd3666f7ddcc5c720f86402b0b6fb2c81fe21827b0a4eecbba1961b896b7590d
- SHA512
  
  cca3c24eac21967a98673ef921899373dc931b05318f0111fefdcadc84db193828dde56e9c47eb4a24877fb1c005fba8b04aa9a21b47751b79d72dfbc90bbf84
- SSDEEP
  
  3072:2TNLneeBJ6hERwOPPB+vziPhtMCpPQKSXmLSScrE7SNZmZUNHs4j:+LnehdQgWDMCtb5LSSc/2Z4j
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2