acdf33ea6d90850e16d49d0d768478012350011dc0afb1bbc7997b21549aa976 | Triage

Sharing

General

Target

acdf33ea6d90850e16d49d0d768478012350011dc0afb1bbc7997b21549aa976
Size

120KB
Sample

221124-ephx7agb46
MD5

b7c9c2124fa7eb263f789e605a428870
SHA1

eb745919cab9b9f59e3eb22c7a673f6fdae863ab
SHA256

acdf33ea6d90850e16d49d0d768478012350011dc0afb1bbc7997b21549aa976
SHA512

ce10cad52dd570bbf18b47902cfb4defb9f9f1922abd095c305f0f8931b982202f3f8b70b08e7d32d20c7c429e620787513991909b1d5dab23fe5c1aa3d90e37
SSDEEP

3072:UwStxY3/etB8WJwy/mMeUDusnZCwzKAzswF1De7iyV:UdnMGYWJJ/Kpsn4QVBaOk

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  de_0000239029_rechnung_scan_hp_28_0000000904_page_2_10_01_05_id_00291002098.exe
- Size
  
  144KB
- MD5
  
  738dd7cf1133cc2813a10813859e6e61
- SHA1
  
  dcfca6a60b767a64058e3d653a43789c1461e997
- SHA256
  
  74e86d70cb60b9ca846a892d99570500ddf7f5d376f70cd0c3346edd29680d57
- SHA512
  
  64edf119f1ee78f63deb5b41fe978cf57a05e09ce9f9597c12e29d21e718bdd8bdc717d5049c38cdb607e4d9db33a69df4c0f2aa06c3839043685d1be7b71389
- SSDEEP
  
  3072:UD6NN25bPpA3chmH/qB8WJwy/mMeUbusnZCwzPAzswF1De7iyc:JfMTpR4/JWJJ/K3sn4Q4BaOv
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2