6174dab6df3f6cd4bb19ca60aeb1f8cb9f5fb9fb8560ccfeb71281dd773f03bb | Triage

Sharing

General

Target

6174dab6df3f6cd4bb19ca60aeb1f8cb9f5fb9fb8560ccfeb71281dd773f03bb
Size

146KB
Sample

221124-qmqe2afe69
MD5

0b5491e04fb6931786cde2c668b4cd38
SHA1

5e853478f288b25af0ca03ca1c9d6cd544c86b1c
SHA256

6174dab6df3f6cd4bb19ca60aeb1f8cb9f5fb9fb8560ccfeb71281dd773f03bb
SHA512

a40f603546545a5d871aba157e0dd0ad362d76aef1bd0a5ff4fd0a32b8310efdfa17b6c8fd3e7201ddee911e27f04a3ed035174004eb36835cf0bed2e8902732
SSDEEP

3072:guL4suyftDcmLDLYYJQEIigwkZM7QWtcJWjRzvNNcIdlwC09BJQR:guL48ftDcmHz7PgDZJkjRzVOqnUMR

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_11_2014_3280000236_telekom_de_002839300002_11_0000352899_000005.exe
- Size
  
  176KB
- MD5
  
  4a1d13a05a93cfaa8dd2627c696d2f0b
- SHA1
  
  173c81da2aab91f225f8eb5e8fcc87119be4eff0
- SHA256
  
  03f825726fdf3341bcfa36fcfd6dcd08e9d7ec3df982f7af9a290aa6f3c5647c
- SHA512
  
  29269b35d3b041ccf08d2351e4f3fa906ed396e5a880b357398f2f72ba7a20ff870531b2d7febaa1e4173412074d6bc7bee5723ad683011ee4a247fb683e7301
- SSDEEP
  
  3072:q6AMa+ceqZl+r4okWL23kjsZUQoRyV01WZIrLwwWyKdMd9zfp0T0:VfzsbWa3hZUHRHwwWy8UO4
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2