f6199ec69628681a3697265f813689c9122725eb88197a14d23193a28c2f8a8d | Triage

Sharing

General

Target

f6199ec69628681a3697265f813689c9122725eb88197a14d23193a28c2f8a8d
Size

121KB
Sample

221124-exqyrsbh8x
MD5

84c5e03a3500a8037a5865d795b3f400
SHA1

341d278d3bd1e834beddfb7bc6fc831605a65ecc
SHA256

f6199ec69628681a3697265f813689c9122725eb88197a14d23193a28c2f8a8d
SHA512

cc08139db6aa034d2ff4f1b1fac8f4dc4443ac8d5641a626660f6f84af0363f16c6287492bd76b25734c253ec3e846a3424426b1880fd72b7a04c996e859f51f
SSDEEP

3072:i/EVJukPSszLgdOoDbj78dYHvbCQpLtf4P4H3rzU:4EVVPTzwHDbNvuQtlH3HU

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_rechnung_1_1_000309399002_4884_9849_00483_00222_0039459856_29392_000000002008.exe
- Size
  
  152KB
- MD5
  
  fa2f4d553195f26107bb14dd6bd1336f
- SHA1
  
  afc4088979a8de48bc06f921ffcddec35716b00c
- SHA256
  
  6d9e4d239cebe3c438a2c9a582afbc6d8d06f45fc5fd00b7aed6591d9826c276
- SHA512
  
  12c2343d8a7385fb1ea9e7b46ee47216cc53445ab40b9708450adb044dcdbf470b9140620de071206a95446ef801fe7cb7164f8a822cd6f4c22a7777b50a2595
- SSDEEP
  
  3072:+PUPz54mYWpWUGgYWancdOoDbj78duHvbCQpLtfCczU+vA6VtfROjVmd+zr3/1Q2:AuGmDGPQHDbZvuQtNzU+v3ML
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2