e13ed9e615275e8f16ad49319d57dfa01ae9e4a51d8eabd5c1165bb6497d6ccf | Triage

Sharing

General

Target

e13ed9e615275e8f16ad49319d57dfa01ae9e4a51d8eabd5c1165bb6497d6ccf
Size

129KB
Sample

221124-wljtradh6t
MD5

d607eb08e9a9c111342dc1899ac5be61
SHA1

aff006681af6b06e6dd0273a74b5d0177cad02bb
SHA256

e13ed9e615275e8f16ad49319d57dfa01ae9e4a51d8eabd5c1165bb6497d6ccf
SHA512

0054a460ad6a9a2cbadaf4e22812e8e2b332130f99c89edadb3d3535c9d4b77cb94c60b722b939b018b1aae92d44f1f221bb2b299dca8df9fe117648e0d9a740
SSDEEP

3072:T0vuMIfhVvUgRh13oreqjc2K9FZn0f1MsWEjDbIpNF13k:TGdIwcheOFZ0fGL/NF9k

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_pdf_telekom_00002383882_november_002818273_11_0000000392_000005.exe
- Size
  
  204KB
- MD5
  
  bf08a33a6aa04fd576d4661bfe409d63
- SHA1
  
  33bac2b5647c3cf464e5b2cbd7e108aa75877be9
- SHA256
  
  796c421ab9d0cb0b7e2de528cc7535c3eccabb31c888a04796593654ec37a0e2
- SHA512
  
  4f11e2e9e606c68afaa534f700f54706f1ce23e99c42398a09e4df7a2481a8c6b07f6ffb2d19db5b2dc2fea7e5b6488692af5eeac52e16ae2b13062d8a3c8140
- SSDEEP
  
  3072:KbbbeGI6JRubMVHhRJO13oreqjc2K9FZn0f1MsWzdT6V:hGLRdVHheeOFZ0fGL16V
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2