301ee0740851e26aa13ffa6f9b251edb0f64b05245a503171e23831b7e5cf7b1 | Triage

Sharing

General

Target

301ee0740851e26aa13ffa6f9b251edb0f64b05245a503171e23831b7e5cf7b1
Size

121KB
Sample

221124-exz7fabh91
MD5

880598f1e75199a2c29d242e6866bfb5
SHA1

1ab6e2fb21f373fa8c2c0d5abd80292bd36b2d4f
SHA256

301ee0740851e26aa13ffa6f9b251edb0f64b05245a503171e23831b7e5cf7b1
SHA512

d75167c6f5aaf6737b155550b163ee76e82eb11f3af587290dc3e0e602fab061500c533fab4feb9538bbf3351c7c803bc7bbb7f76b1224ae8263eec959e37462
SSDEEP

3072:O/EVJukPSszLgdOoDbj78dYHvbCQpLtf4P4H3rzo:0EVVPTzwHDbNvuQtlH3Ho

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_vodafone_team_0000399387201_0020398478002_0003_77352_192_0200002.exe
- Size
  
  152KB
- MD5
  
  fa2f4d553195f26107bb14dd6bd1336f
- SHA1
  
  afc4088979a8de48bc06f921ffcddec35716b00c
- SHA256
  
  6d9e4d239cebe3c438a2c9a582afbc6d8d06f45fc5fd00b7aed6591d9826c276
- SHA512
  
  12c2343d8a7385fb1ea9e7b46ee47216cc53445ab40b9708450adb044dcdbf470b9140620de071206a95446ef801fe7cb7164f8a822cd6f4c22a7777b50a2595
- SSDEEP
  
  3072:+PUPz54mYWpWUGgYWancdOoDbj78duHvbCQpLtfCczU+vA6VtfROjVmd+zr3/1Q2:AuGmDGPQHDbZvuQtNzU+v3ML
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2