5a489b35df1153d9fcc02dbf90f6b17d3c7995e07ab65615914edd63ccc813ad | Triage

Sharing

General

Target

5a489b35df1153d9fcc02dbf90f6b17d3c7995e07ab65615914edd63ccc813ad
Size

134KB
Sample

221124-ez7djagh72
MD5

02bc5eeed7f047f5840adb72c0dc19e7
SHA1

8946ca61e2bf119e3a049ef8494f10ea906de23a
SHA256

5a489b35df1153d9fcc02dbf90f6b17d3c7995e07ab65615914edd63ccc813ad
SHA512

4460df84beefd228173dfbd77538409ea46e48bb220ee069df575d6173bb40d82a641e823173e29e6b3b8b0e4a98f94af6a43b7e3ce73b24b00a8c3fcb9963c0
SSDEEP

3072:XAW4fPV687SIm8raMol/Lg7Qir8d/xjcbfMrRP6lhDqPCX:wWGPV687SnzU+/F08P6zDqPCX

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_rechnung_1_1_000309399002_4884_9849_00483_00222_0039459856_29392_000000002008.exe
- Size
  
  188KB
- MD5
  
  e3ace455382fa7708264257983339263
- SHA1
  
  ab979cc544c46903d41fe773c568e2fa54a9bc44
- SHA256
  
  f2d682b9bd2857603944471a9baf4a8d83a897d7be57dbf473c8f07fd8f5ed1a
- SHA512
  
  be4a8e0770d30eb888a27490954b6109353673234f3b30b3c384d624ff79f3171a3ffff310883cb2f0930f0c64edb716171a78b3a166b44d855c08a0742c46ff
- SSDEEP
  
  3072:gudusODvGZVHhS1drkr3k1hsz3F8ol/Lg7Qir8B/xjcbfMrRPyczWIqT9tYhOddx:k9+phSzOFUs/F08PLWIqT2M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2