f7cd46bb51595e79f69fc3f70a606c0a9159e3c2860d12ae8db7b2817f3d5c7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7cd46bb51595e79f69fc3f70a606c0a9159e3c2860d12ae8db7b2817f3d5c7f
Size

129KB
Sample

221125-wdv7tagc8t
MD5

d030dd050bf79cddf6ae15043858418b
SHA1

aebd08422ec1178ebac4acc458505629ba05114a
SHA256

f7cd46bb51595e79f69fc3f70a606c0a9159e3c2860d12ae8db7b2817f3d5c7f
SHA512

5e5bfc8ce0bfb771d06e475d4d9e93722043c6cc907f45e945d7e8c78002ce8fd32093eb14c2dbd49d5cdd317d6eac6d5e53a10f93a46b011a246e46b06595b2
SSDEEP

3072:gTFsY6kNJdJxFUBGvLyTfQPtIs/nawsVY5Tftm3:g2GNJdJxFmOLUQPtItuBk

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_pdf_telekom_00002383882_november_002818273_11_0000000392_000005.exe
- Size
  
  204KB
- MD5
  
  a6b481c3a243bc0aa191cba03e6c8add
- SHA1
  
  a8cdaba062f0ccdb697e50538f6f71606ed41ea8
- SHA256
  
  3d4dc9be1d3095549994379cad141935e3d217d6d8f6616cf2970de85dcbdfe9
- SHA512
  
  9ada3ebe7af6e8d560674e28ba1816b6d203e4aa0e4bc7c92089820d01e33db3acebbca0c9d6aa65f614993eca810c0526271ad2a07487a8588e497e39cfa2cf
- SSDEEP
  
  3072:n2bbeGI6JI9TIFxFUBGvLyTfQP9Is/nawsVdW4F9owQ:HGLWqxFmOLUQP9ItI4F9XQ
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2