3a223141c9ee133aab69fdfbf43b31f363c4f2de8e2f9da95eb793c1f5f182d1 | Triage

Sharing

General

Target

3a223141c9ee133aab69fdfbf43b31f363c4f2de8e2f9da95eb793c1f5f182d1
Size

121KB
Sample

221124-exynlsgg38
MD5

4afb0ca865e8f74cd858619042a1e24d
SHA1

c7ad6d01d897400d3e07417cd19b2b30459d1523
SHA256

3a223141c9ee133aab69fdfbf43b31f363c4f2de8e2f9da95eb793c1f5f182d1
SHA512

116ae217741696916507f15ba68f18c9790c29ca1428a7994ba71ef4e6a3fa2106d478017c248befd7b443c8c1665ce6f2bce0e9c79fa43b895df8cf428a883f
SSDEEP

3072:r/EVJukPSszLgdOoDbj78dYHvbCQpLtf4P4H3rzl:zEVVPTzwHDbNvuQtlH3Hl

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_rechnung_1_1_000309399002_4884_9849_00483_00222_0039459856_29392_000000002008.exe
- Size
  
  152KB
- MD5
  
  fa2f4d553195f26107bb14dd6bd1336f
- SHA1
  
  afc4088979a8de48bc06f921ffcddec35716b00c
- SHA256
  
  6d9e4d239cebe3c438a2c9a582afbc6d8d06f45fc5fd00b7aed6591d9826c276
- SHA512
  
  12c2343d8a7385fb1ea9e7b46ee47216cc53445ab40b9708450adb044dcdbf470b9140620de071206a95446ef801fe7cb7164f8a822cd6f4c22a7777b50a2595
- SSDEEP
  
  3072:+PUPz54mYWpWUGgYWancdOoDbj78duHvbCQpLtfCczU+vA6VtfROjVmd+zr3/1Q2:AuGmDGPQHDbZvuQtNzU+v3ML
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2