f4d0d52b38a15703ebd38417dfd41e23d05280259a9d3425ac5ad93cbf38cce0 | Triage

Sharing

General

Target

f4d0d52b38a15703ebd38417dfd41e23d05280259a9d3425ac5ad93cbf38cce0
Size

129KB
Sample

221124-vf7g7abe9v
MD5

1e9f8858ac2258f3387a46d9cfbc4e67
SHA1

90416d3780c1f4ee8b7aabcc7ae0afbfbd1437d8
SHA256

f4d0d52b38a15703ebd38417dfd41e23d05280259a9d3425ac5ad93cbf38cce0
SHA512

64e9227239198bfac76cf81b84a7a6c5796188c25869b6ed2566be98ce86dd7510978f94bc5fc05d74dda5a204e4fa6b490c88ba1c0f4fa4e6c0c3bdccff80b3
SSDEEP

3072:K0vuMIfhVvUgRh13oreqjc2K9FZn0f1MsWEjDbIpNF13T:KGdIwcheOFZ0fGL/NF9T

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe
- Size
  
  204KB
- MD5
  
  bf08a33a6aa04fd576d4661bfe409d63
- SHA1
  
  33bac2b5647c3cf464e5b2cbd7e108aa75877be9
- SHA256
  
  796c421ab9d0cb0b7e2de528cc7535c3eccabb31c888a04796593654ec37a0e2
- SHA512
  
  4f11e2e9e606c68afaa534f700f54706f1ce23e99c42398a09e4df7a2481a8c6b07f6ffb2d19db5b2dc2fea7e5b6488692af5eeac52e16ae2b13062d8a3c8140
- SSDEEP
  
  3072:KbbbeGI6JRubMVHhRJO13oreqjc2K9FZn0f1MsWzdT6V:hGLRdVHheeOFZ0fGL16V
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2