30806db0d83522b8ddbb828e67bb1940173e4a8229ae541a0d57f11718758de4 | Triage

Sharing

General

Target

30806db0d83522b8ddbb828e67bb1940173e4a8229ae541a0d57f11718758de4
Size

118KB
Sample

221124-rg9r6ada41
MD5

b1ce69248644f6dce39acef2b0dd7406
SHA1

faa75cc0926a793d6ef357d2e4ab0eea469cb526
SHA256

30806db0d83522b8ddbb828e67bb1940173e4a8229ae541a0d57f11718758de4
SHA512

01c2d1ee18df45d2f920ac9c698773a2e99b6ec7594c72c819b095fae5842142cd932a1a6ed25c2d061325db76f84efb2389f15f85441f62406dc65bf28f741e
SSDEEP

3072:XiM1Iroz3g82QP2YE+jx3grTQ7tCJR+OqCfZmTFYyqjn:Xi8IroExRYE0x3gro8+OqiZmTFnqr

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnungonline_pdf_vodafone_0095890374_537999190_82135674.pdf.exe
- Size
  
  140KB
- MD5
  
  d715f00295f03c8977aad12dcc5270d0
- SHA1
  
  7fc24f13b570aec9cabf3ed3b594719689509cb7
- SHA256
  
  d376872a3f47cc3245c2843d4e23e177be0bc25ea123980195ffbb670857981f
- SHA512
  
  4ca85f28e822904428300dfbfa5f23cecf780c4e5f76d1aaf9b399827a2110db6bdc0a206421e4d384fde29c5f604c88e2663f96db1d2e5fdcc666254e8caffb
- SSDEEP
  
  3072:5DorJLbaT+jx3grZQ7tCJR+OqCfZy0znAMMkC64MC:6rJg0x3grC8+OqiZywI6LC
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2