3eb52ac6d33686efdc84428d64edd1ad6d1eb3a1a9b0d88e3d77bcf3b75a04b2 | Triage

Sharing

General

Target

3eb52ac6d33686efdc84428d64edd1ad6d1eb3a1a9b0d88e3d77bcf3b75a04b2
Size

118KB
Sample

221124-rg5s7sda4t
MD5

7cafaf3f0e21d523f079ee710f911fbc
SHA1

64cd68db556ed0016bbe4868b7baae45bda4ece7
SHA256

3eb52ac6d33686efdc84428d64edd1ad6d1eb3a1a9b0d88e3d77bcf3b75a04b2
SHA512

c61e61dd6e649063b4ceb2fe9bc1d98192ab70335670f26dc353e06a634b9ae7d7d484bd7298b7859f48cba224335e61b34d7fc2250731c5b86fa5b580a199ca
SSDEEP

3072:GleYB3qT/ye1dN6so3Llk5aAGGUvX+IurWuK6o5yw5pP9m+OHMVEda:aqT/ye1dNmLeaAGd1uK/z5T5pP9mHVda

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnungonline_pdf_vodafone_0095890374_537999190_82135674.pdf.exe
- Size
  
  140KB
- MD5
  
  112b33bfeb2514bf11b0595c55173b32
- SHA1
  
  bde96a6d72babb9d5dea78d98dfa434ab2108624
- SHA256
  
  585f86ba3173d7a8560a2e82d6adcc8e3e3772bbaefb3239547b43a6685f21c1
- SHA512
  
  eb9a80e201d751740d0992459e1fcd61f3973113ab62c4d0b930dabcb165095492dc7d70ddfe8267c707d1b73df3a0df772c755b2477839a1f754e17be51401b
- SSDEEP
  
  3072:sJjzdejzg3KOSD+dN6so3Llk5aAGGUvXaIurWuK6o5yw5pP9m+OnlNEWd/SGv4MC:URejz+KOW+dNmLeaAGdZuK/z5T5pP9mI
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2