ae43ad6d622c5e47259775dda7fd7cb8cc81685c1ec76f1149f82abb7c01b1b9 | Triage

Sharing

General

Target

ae43ad6d622c5e47259775dda7fd7cb8cc81685c1ec76f1149f82abb7c01b1b9
Size

127KB
Sample

221125-wdn4hagc7w
MD5

6b0dad04d4a59554e44aa575e534f652
SHA1

c2a5498b1c0bca73f31e3fc1c5c42e8a586bc7b6
SHA256

ae43ad6d622c5e47259775dda7fd7cb8cc81685c1ec76f1149f82abb7c01b1b9
SHA512

d89463896d6747db419d1af8147dae1d590750b8712581bde638dc2e5055400ec62d2bc3b9953ccd948697afeda536e995c2a8eed8d87f2b4b7a50b9833e2097
SSDEEP

3072:A6+kz2mGl7ITMsvDWhjWxB50G2eaNLw1hKeW+D+2SndVD:7Yl0TTvDWcB50tNLwXPz+2SzD

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11details_transaktion_379000200929_november_309083200059_11_0000000039.exe
- Size
  
  176KB
- MD5
  
  8e9f821390b3affa596053cbadc4e824
- SHA1
  
  cd2fc0abfa71caf23bd71debad20a4715c6f9edf
- SHA256
  
  d0eba3801e3a1aa54315098cdc246086b51c6a5818377c9521a968c8fcf31dac
- SHA512
  
  13e5aa6db26fb086f9ee191cf7306b4e1db884a6746d74901ecb81c9c0ebc905d4022c38e7f608c2f8c3dc15e439e64c873e638b908406537e94ffb0fe672030
- SSDEEP
  
  3072:T9fHcmI+0MEJRSDOWHQKjEukcqRiGl7ITMsvDWhjWxB50G2eaNLw1hKeW8SaP3/1:TpH8DNJwOxvukJHl0TTvDWcB50tNLwX9
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2