990ef8d430028e78b9a65c3c9a1f85c256ed78f1d572336a13a4cd55a8b8ce37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

990ef8d430028e78b9a65c3c9a1f85c256ed78f1d572336a13a4cd55a8b8ce37
Size

126KB
Sample

221124-fda9msaa44
MD5

54b7a6cec70e6a3e53ccdacea8818828
SHA1

a9ad4f3b3b491c7cb1bdeb3431170fecb26037cf
SHA256

990ef8d430028e78b9a65c3c9a1f85c256ed78f1d572336a13a4cd55a8b8ce37
SHA512

c443f5abe6d4de02590b14da5216e8ac2de9b2623de8785cfc35f8ca67404815aca18fc081d629dab8d20dea7644dc88942929ad880c7ed25454202b734f13fb
SSDEEP

3072:6E32P0xKLBStd3jUQdW66THeOO16ogZrss1IyLXfgQw:63PgyBqz14TE6dZrbI6vw

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_11_2014_3280000236_telekom_de_002839300002_11_0000352899_000005.exe
- Size
  
  176KB
- MD5
  
  5095f22cbdd7c59303fb7d670c97afa5
- SHA1
  
  35712036e76c5215b512f9ddb73321617387a98c
- SHA256
  
  79e4ffae8c0d0abd80d090d5f3465855b25955509e78d0ced3eab4cfa6d43015
- SHA512
  
  9c4815c773a1b57c1178056fec3063894869b51af02cca52baf94a8ee1644d90a2b7444951979f15ecf90f718ad920353cf21927e754158580e479ea5106c0fc
- SSDEEP
  
  3072:5KzHNmI+9MEJRuOmz1C+cSQStd3jUQdW6OTHeOO16ogZrssN6wc+ga0Mhze:5qHByNJGBC+Cqz14TE6dZr5PQ
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2