9f725da3372fbb12fbac159b7ed62e778bf959ffcdf213e381606cbe990558a5 | Triage

Sharing

General

Target

9f725da3372fbb12fbac159b7ed62e778bf959ffcdf213e381606cbe990558a5
Size

134KB
Sample

221124-eztgnscb2x
MD5

62c5b23b848d48451d92edc4207f1510
SHA1

24d68218468512f195c5a29e88ca1a8d9e3ae743
SHA256

9f725da3372fbb12fbac159b7ed62e778bf959ffcdf213e381606cbe990558a5
SHA512

1625fd4c3e4784f8d0963c6d75c4db7b0281628742e4c0b4d0ad8039ee35d8a05d5a8eed83cb5afc7b07cc5bb2d5acc9781d2d0d95f9533768b27a2a7c73be4d
SSDEEP

3072:XAW4fPV687SIm8raMol/Lg7Qir8d/xjcbfMrRP6lhDqPCz:wWGPV687SnzU+/F08P6zDqPCz

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_rechnung_1_1_000309399002_4884_9849_00483_00222_0039459856_29392_000000002008.exe
- Size
  
  188KB
- MD5
  
  e3ace455382fa7708264257983339263
- SHA1
  
  ab979cc544c46903d41fe773c568e2fa54a9bc44
- SHA256
  
  f2d682b9bd2857603944471a9baf4a8d83a897d7be57dbf473c8f07fd8f5ed1a
- SHA512
  
  be4a8e0770d30eb888a27490954b6109353673234f3b30b3c384d624ff79f3171a3ffff310883cb2f0930f0c64edb716171a78b3a166b44d855c08a0742c46ff
- SSDEEP
  
  3072:gudusODvGZVHhS1drkr3k1hsz3F8ol/Lg7Qir8B/xjcbfMrRPyczWIqT9tYhOddx:k9+phSzOFUs/F08PLWIqT2M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2