902936547cb2b3c6437e574ef7e4a56b5564553e6a4284a3a395c5c5af36e0a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

902936547cb2b3c6437e574ef7e4a56b5564553e6a4284a3a395c5c5af36e0a6
Size

127KB
Sample

221125-wdfr5agc7s
MD5

4608368717c68dacd26c2fab6d73e18b
SHA1

90c41eaf914d2b0c1dba0181cb8e8bc84cc5f9fa
SHA256

902936547cb2b3c6437e574ef7e4a56b5564553e6a4284a3a395c5c5af36e0a6
SHA512

cc9548aa654d22c843a44b01e5f173d156281cbc09d72e49ae2f4787707b28c84a5f83794b1bc6a8ebe2123deb53bee35f0017d589b674a141477502538d57e3
SSDEEP

3072:mzireMNALp+CSYnzyHyvBwwQlF9KwrrzFmwzDqrRI2:mzeeMspaYzyHeBzQJPrrpHKrK2

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_pdf_telekom_00002383882_november_002818273_11_0000000392_000005.exe
- Size
  
  176KB
- MD5
  
  0bdbb242c3d65c99b0c4b3bdad19a793
- SHA1
  
  1b2a37b64b1a7ca71b801125faca273408bb7e67
- SHA256
  
  942b643d07c0cb4ac1593dccd846fe4bcda402f5f74fa4ba1437248e7c89e0c3
- SHA512
  
  387c6455dc286989d0de8b418505b5453ce82c262132eba2975006b59057a698bb5fe33bfa428690d0db30b3396ba6b699a1ad2b68482bc04df27975ca19206e
- SSDEEP
  
  3072:bBfHcmI+fMEJRvGGs4Edlb9kMv0UNLp+CSYnzyZyvBwwQlF9KwrrznF19AaROhze:blH80NJ5ZEdT8UlpaYzyZeBzQJPrrjFt
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2