0cae053e53f531265e4dae6542a956ce14080397bf0b4b3e21498365a2e324b7 | Triage

Sharing

General

Target

0cae053e53f531265e4dae6542a956ce14080397bf0b4b3e21498365a2e324b7
Size

118KB
Sample

221124-gxv9lagf4w
MD5

a4a3ec9f0accbd3372951309666229d4
SHA1

743291c705e23c5113eae078fbefa26aa4c495d1
SHA256

0cae053e53f531265e4dae6542a956ce14080397bf0b4b3e21498365a2e324b7
SHA512

1eb88dfbfd60f20901e1e6b126be907d6b32c442a62997d2b68c8a278a83670fc88f2214bde516b11fbc1509d60fc6e813aa9db807462d38d7db871eb500296e
SSDEEP

3072:qEdsQoWgRG3qVygq2xW+TQDuZz4AYOr8T5juJNE:EccRY+TBF4AYOr8VF

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
- Size
  
  148KB
- MD5
  
  5f23ba974484a6890ccd7ff3dee5b2da
- SHA1
  
  47e409d5c7ff9495b209e27f6aa03f75b0194adf
- SHA256
  
  0edb84f0d8a1e4f856c1e26ad018e66901e2b587504155a1ae1f0d76d7501192
- SHA512
  
  bcc308411c702a3f4e28ba3d233895843a4b8606eeee8715d18e860cda8a247f879e0943a9cb64e672b79a466f441f4a6c120cc0b2237ae61de549fa2e205cfc
- SSDEEP
  
  3072:pfFj3q4+o/mYSpVygq2xW+rQDuZz4AYOr8Hkv:BFusZSXRY+rBF4AYOr8
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2