Overview

overview

7

Static

static

ihre_telek...04.exe

windows7-x64

7

ihre_telek...04.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f883fa5ba37185799594510c3e0fd7714433300b76a01991eeb804376cc99f73

  • Size

    125KB

  • Sample

    221124-eq6qmsgc59

  • MD5

    04242092c0b3dca14627c393818bf3c7

  • SHA1

    0f9ed699250b0e9b96ec8ed900900ccaf8141183

  • SHA256

    f883fa5ba37185799594510c3e0fd7714433300b76a01991eeb804376cc99f73

  • SHA512

    d6796693b4a11bb56831726690c5ed3b7e59f67037736f1ec18aa9384c886c7a694392bc88174bd72c82ec68a39abcff4fa46de54e7a6e19206ac8a7cc56ebde

  • SSDEEP

    3072:h8gSoO1x1ZtYs9DiOkqBFtQVMpDhCVT1YzycWFSk:h8gaXjFtQV2hCVkSSk

Score
7/10
persistence

Malware Config

Targets

    • Target

      ihre_telekom_mobilfunk_november_2014_00002930200_1_3_5_021090_82137_002_008_0004.exe

    • Size

      164KB

    • MD5

      b779127121ae2844dd49a63a9017fa2f

    • SHA1

      638a99a79bc63a7211422db7b851725b62b3617b

    • SHA256

      4241921870ae6fee9cef8a48cfa99f2189dd6d2e88ea22bff6caf6474d7d3ee0

    • SHA512

      c43aafb393ba68406c02a507d1ad5fbc18d78625a65a4c65a5c921ad5bc0cde050a513860c1e9340d6b1dde77b687d1c1a33481e883d5f1097d159f1abab5d2d

    • SSDEEP

      3072:ZJ/YG2oBH7RFQcISXZtYs9DiOkqBFtQhMpDhCVT1A6djL9Jf+yY:ZJ/GoJti4jFtQh2hCVTd/

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks