3034a77a096be3c49b64e8aa1dbf53222248b76ef15afde3b98961f5028ae316 | Triage

Sharing

General

Target

3034a77a096be3c49b64e8aa1dbf53222248b76ef15afde3b98961f5028ae316
Size

128KB
Sample

221125-dp7qwabe8y
MD5

375b2e6d3d39c88b7d1131fb9424efa7
SHA1

a5bb7909a7bfb2047cb20079ef1ce1a179daa59c
SHA256

3034a77a096be3c49b64e8aa1dbf53222248b76ef15afde3b98961f5028ae316
SHA512

cfdd40b8db17023c3dd2823fc29bd07b4b049f7baefa722790f1a2f9e59c61e9e7c9e8e1a4e3c8f5caee1eff2bebc6c49b9c0919e9e30c371b2b2b113293fb89
SSDEEP

3072:V9lPF/JaJQXn4/bj0rG7bat/AlrBykr7M9QPNSc0CvEqq:V9lPLqgnCwtt/AJBykrTPz0Lqq

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
- Size
  
  160KB
- MD5
  
  93c5ce9d871d19cdcf01de0865472c2f
- SHA1
  
  f2d1525e8bb81544e03406144fd3dcb9501befe2
- SHA256
  
  4e09d0ad9688191056413511441739c7246d6052b322dff889615c3d82ee8b98
- SHA512
  
  10bafb2b1184c642558cc7e6dddce7e04d03e1b5b0f696b5c7cb2a9c487f232eb788e3c57cbe9944649e0ae425a77645505198ec97554872165400e5c5be2b80
- SSDEEP
  
  3072:B7tIqiClxus4ZkEMb0rG7bat/A1rBykr7MlSRmV6/v7v:BtImlxus4Z1tt/AZBykrZugvD
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2