2f06c884f09798f06f2d6fa6481dd9bbfb4189162d8afd3b4cdc08947c3196b6 | Triage

Sharing

General

Target

2f06c884f09798f06f2d6fa6481dd9bbfb4189162d8afd3b4cdc08947c3196b6
Size

129KB
Sample

221125-dsf3bsbg3t
MD5

ce6831f92e9dae3a12bb9ce17b531d3c
SHA1

6cd27e0ae28de02d487a54602beb6a8a914cb082
SHA256

2f06c884f09798f06f2d6fa6481dd9bbfb4189162d8afd3b4cdc08947c3196b6
SHA512

9eb4161a6a0eff5fb8a6940de535cd260611d8f3909c204d67a42a78496f3a7824c742f5df715cf3768fd205171c5fd7df2a7c44b48dc55abbf85c8f1509b82e
SSDEEP

3072:J0vuMIfhVvUgRh13oreqjc2K9FZn0f1MsWEjDbIpNF13K:JGdIwcheOFZ0fGL/NF9K

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe
- Size
  
  204KB
- MD5
  
  bf08a33a6aa04fd576d4661bfe409d63
- SHA1
  
  33bac2b5647c3cf464e5b2cbd7e108aa75877be9
- SHA256
  
  796c421ab9d0cb0b7e2de528cc7535c3eccabb31c888a04796593654ec37a0e2
- SHA512
  
  4f11e2e9e606c68afaa534f700f54706f1ce23e99c42398a09e4df7a2481a8c6b07f6ffb2d19db5b2dc2fea7e5b6488692af5eeac52e16ae2b13062d8a3c8140
- SSDEEP
  
  3072:KbbbeGI6JRubMVHhRJO13oreqjc2K9FZn0f1MsWzdT6V:hGLRdVHheeOFZ0fGL16V
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2