b7f62b6852cba88f6e366faf7979ad4a9dd863ec8c5dcd48e6f5d50c89be7659 | Triage

Sharing

General

Target

b7f62b6852cba88f6e366faf7979ad4a9dd863ec8c5dcd48e6f5d50c89be7659
Size

134KB
Sample

221124-eznlescb2t
MD5

67506b82634daa2013a35bc4989e0b6c
SHA1

f109df3d62ade2cbb717305f4ba11ff64cdcb5f9
SHA256

b7f62b6852cba88f6e366faf7979ad4a9dd863ec8c5dcd48e6f5d50c89be7659
SHA512

f674705dbfed62905a0bb88a08a07a7982fccd9dd05a6511ff71c2869811c8550f185078d96eac0fbd8085bbb4b6dcf8aa5c6f61618936a07777e67b3d422c5e
SSDEEP

3072:nAW4fPV687SIm8raMol/Lg7Qir8d/xjcbfMrRP6lhDqPCf:AWGPV687SnzU+/F08P6zDqPCf

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  online_transaktions_11_2014_0939380001_12987384_93_39_003_365_9388347_00111_02000028.exe
- Size
  
  188KB
- MD5
  
  e3ace455382fa7708264257983339263
- SHA1
  
  ab979cc544c46903d41fe773c568e2fa54a9bc44
- SHA256
  
  f2d682b9bd2857603944471a9baf4a8d83a897d7be57dbf473c8f07fd8f5ed1a
- SHA512
  
  be4a8e0770d30eb888a27490954b6109353673234f3b30b3c384d624ff79f3171a3ffff310883cb2f0930f0c64edb716171a78b3a166b44d855c08a0742c46ff
- SSDEEP
  
  3072:gudusODvGZVHhS1drkr3k1hsz3F8ol/Lg7Qir8B/xjcbfMrRPyczWIqT9tYhOddx:k9+phSzOFUs/F08PLWIqT2M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2