a589916b32a21beac2d7575034b463985dcfce5507bf97480d4f05465f7129a0 | Triage

Sharing

General

Target

a589916b32a21beac2d7575034b463985dcfce5507bf97480d4f05465f7129a0
Size

122KB
Sample

221124-ff33faac24
MD5

e48a2cc9ca5e3d79a4088664aa630531
SHA1

15e43a23d1c2e21789b87e6bb21f68aed4125b03
SHA256

a589916b32a21beac2d7575034b463985dcfce5507bf97480d4f05465f7129a0
SHA512

f0b0c04751c8b9e3eb743879ac0bea341411045c2847ad37178cfc1387a3c5f7e686edf3f3778b605c480debfac0af0b5a2ed91040de4218592bb19c0fcd17f7
SSDEEP

3072:Qn83pkNSmCCLsLe5z0psVFMewD0fj7ifYqTgQC:Q8pkNSEsLOFMlD0fj7ighV

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_11_2014_3280000236_telekom_de_002839300002_11_0000352899_000005.exe
- Size
  
  148KB
- MD5
  
  447ea8f436208e24a8421e311a27bca2
- SHA1
  
  f1f93934579b8c17aa7b798072ff8944fb3bb3ad
- SHA256
  
  eb69817b4d0655fea46edd195bdd378200ff7182c16b36319190bdde5402c25f
- SHA512
  
  06f4aed8bcd558e11d0449fc097224fff0996417fcbe9e4f8a771ffbfa73f42010f731046eda6bcb8d4822b032951f5d71af2f4258cf1c99490e81bc2daebd47
- SSDEEP
  
  3072:WPIa4nO50c6fPDJCLsLe5z0rsVFMewD0fjhStoWe:WP34nO5k6sLcFMlD0fjhSyn
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2