a739d49ddebf2f741d8586881b0fa06bf80704747bd4439ece59946428dbeeef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a739d49ddebf2f741d8586881b0fa06bf80704747bd4439ece59946428dbeeef
Size

126KB
Sample

221124-fbz5zshh43
MD5

c547bf46a90ab498a6ce863f6c3df647
SHA1

6cb2a660e146505dbf523c9fc3e3fb0356bc96a3
SHA256

a739d49ddebf2f741d8586881b0fa06bf80704747bd4439ece59946428dbeeef
SHA512

12c8c9927711d013682a706877d9fe79ad2885b3472d91ce18811df3dc5ec52f982f6c25afc7584cbf23514078d032b16f418203ad2fbb4895ef04c4cf7d2680
SSDEEP

3072:3os/g0FIRdjBPStd3jUQdW6wTHeOO16ogZrss1jhhWQbYRFSA1:3oagbRXPqz1uTE6dZrrjhav

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_11_2014_vodafone_team_00200034994_00003999300067_11_0000002738.exe
- Size
  
  176KB
- MD5
  
  66532729cafdf2c5421c4c43f7dee5e9
- SHA1
  
  571f5e0d5c046e91e195e205dfc89682bdd5f836
- SHA256
  
  5792bd3689fa6423672dc0974cfe1697f58f1cd63b5efa32d5d3a4f0b5e1c8a8
- SHA512
  
  79b9440e050bb42c27d6f4425b14b803c1448a3d3eba9c96be3c1a8b0a60eb925883d9ce0e02053d9420c43af08c7ecd77c86f7bde3b2e4080e09daab96d5b61
- SSDEEP
  
  3072:vQnHNmI+cMkJReOmz1C+cSQStd3jUQdW6OTHeOO16ogZrssN6wc+ga0Mhze:vwHB3tJWBC+Cqz14TE6dZr5PQ
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2