f883fa5ba37185799594510c3e0fd7714433300b76a01991eeb804376cc99f73 | Triage

Sharing

General

Target

f883fa5ba37185799594510c3e0fd7714433300b76a01991eeb804376cc99f73
Size

125KB
Sample

221124-eq6qmsgc59
MD5

04242092c0b3dca14627c393818bf3c7
SHA1

0f9ed699250b0e9b96ec8ed900900ccaf8141183
SHA256

f883fa5ba37185799594510c3e0fd7714433300b76a01991eeb804376cc99f73
SHA512

d6796693b4a11bb56831726690c5ed3b7e59f67037736f1ec18aa9384c886c7a694392bc88174bd72c82ec68a39abcff4fa46de54e7a6e19206ac8a7cc56ebde
SSDEEP

3072:h8gSoO1x1ZtYs9DiOkqBFtQVMpDhCVT1YzycWFSk:h8gaXjFtQV2hCVkSSk

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ihre_telekom_mobilfunk_november_2014_00002930200_1_3_5_021090_82137_002_008_0004.exe
- Size
  
  164KB
- MD5
  
  b779127121ae2844dd49a63a9017fa2f
- SHA1
  
  638a99a79bc63a7211422db7b851725b62b3617b
- SHA256
  
  4241921870ae6fee9cef8a48cfa99f2189dd6d2e88ea22bff6caf6474d7d3ee0
- SHA512
  
  c43aafb393ba68406c02a507d1ad5fbc18d78625a65a4c65a5c921ad5bc0cde050a513860c1e9340d6b1dde77b687d1c1a33481e883d5f1097d159f1abab5d2d
- SSDEEP
  
  3072:ZJ/YG2oBH7RFQcISXZtYs9DiOkqBFtQhMpDhCVT1A6djL9Jf+yY:ZJ/GoJti4jFtQh2hCVTd/
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2