aa53c99d7d3b9d6dbb2737ee0328a3fc9bd00b8ba4f7141ddc5c22b72c4163d9 | Triage

Sharing

General

Target

aa53c99d7d3b9d6dbb2737ee0328a3fc9bd00b8ba4f7141ddc5c22b72c4163d9
Size

134KB
Sample

221124-ezq2jscb2w
MD5

d4613097c28fd028ff3d12785fcdcbda
SHA1

41afc3d9f5778122ef1c9220fb7d86761a4c2d92
SHA256

aa53c99d7d3b9d6dbb2737ee0328a3fc9bd00b8ba4f7141ddc5c22b72c4163d9
SHA512

4d79bfe460c4e86d1873ccf00c59fa5160c7d035d4f7dbae052e8934a9957993b067a159c0a97779602013935a11e24516c045b2ca1ee5550d06de9250b47d93
SSDEEP

3072:AAW4fPV687SIm8raMol/Lg7Qir8d/xjcbfMrRP6lhDqPC0:FWGPV687SnzU+/F08P6zDqPC0

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_vodafone_team_0000399387201_0020398478002_0003_77352_192_0200002.exe
- Size
  
  188KB
- MD5
  
  e3ace455382fa7708264257983339263
- SHA1
  
  ab979cc544c46903d41fe773c568e2fa54a9bc44
- SHA256
  
  f2d682b9bd2857603944471a9baf4a8d83a897d7be57dbf473c8f07fd8f5ed1a
- SHA512
  
  be4a8e0770d30eb888a27490954b6109353673234f3b30b3c384d624ff79f3171a3ffff310883cb2f0930f0c64edb716171a78b3a166b44d855c08a0742c46ff
- SSDEEP
  
  3072:gudusODvGZVHhS1drkr3k1hsz3F8ol/Lg7Qir8B/xjcbfMrRPyczWIqT9tYhOddx:k9+phSzOFUs/F08PLWIqT2M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2