9e79d199abe7c53282b384f60e2f4a5dedda09eeceb1cb3df2f557e28b8d96b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e79d199abe7c53282b384f60e2f4a5dedda09eeceb1cb3df2f557e28b8d96b2
Size

126KB
Sample

221124-fb2c2shh46
MD5

33730ab9fb92449d33a9d064e4c2e520
SHA1

0b21be282a252c7c98db834d13ee5dcc34fc5ca0
SHA256

9e79d199abe7c53282b384f60e2f4a5dedda09eeceb1cb3df2f557e28b8d96b2
SHA512

dcc5290a6cb715717ed116dfb105215a41aca1b3d5fdc3bf860c94a38ef16dfe939c1fec955caf49fac6e4a807bac98e2627c3d3378238f89f8f4e9bd4c03da9
SSDEEP

3072:Eos/g0FIRdjBPStd3jUQdW6wTHeOO16ogZrss1jhhWQbYRFSAe:EoagbRXPqz1uTE6dZrrjhaI

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_11_2014_3280000236_telekom_de_002839300002_11_0000352899_000005.exe
- Size
  
  176KB
- MD5
  
  66532729cafdf2c5421c4c43f7dee5e9
- SHA1
  
  571f5e0d5c046e91e195e205dfc89682bdd5f836
- SHA256
  
  5792bd3689fa6423672dc0974cfe1697f58f1cd63b5efa32d5d3a4f0b5e1c8a8
- SHA512
  
  79b9440e050bb42c27d6f4425b14b803c1448a3d3eba9c96be3c1a8b0a60eb925883d9ce0e02053d9420c43af08c7ecd77c86f7bde3b2e4080e09daab96d5b61
- SSDEEP
  
  3072:vQnHNmI+cMkJReOmz1C+cSQStd3jUQdW6OTHeOO16ogZrssN6wc+ga0Mhze:vwHB3tJWBC+Cqz14TE6dZr5PQ
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2