122288b0569c2eababca57d06c8c284292a8058961c9e987db60f3e7eb9c06d1 | Triage

Sharing

General

Target

122288b0569c2eababca57d06c8c284292a8058961c9e987db60f3e7eb9c06d1
Size

118KB
Sample

221125-wf5h9sgd7w
MD5

698e4437c637dbf5b5e9e71b2a04a042
SHA1

e2f36f288493e190c095a1fe4c77bfee710aa036
SHA256

122288b0569c2eababca57d06c8c284292a8058961c9e987db60f3e7eb9c06d1
SHA512

61d4803989de603e43e1578d69af6e50fdc4fd5bc91abe47b399f86861a3ac107570d16b1911ff4c5b03ed0e2630164edb3afe8f00a31384b5e35cd16a82afec
SSDEEP

3072:ZzevV12nQEvFMezCYwFZ01bzWQPg0+RfN2HOdUnylHjlUXF:E/2QGxwiiXDRfWOanyRj0F

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_pdf_telekom_0000283882_november_00288273_11_0000000392_000005.exe
- Size
  
  148KB
- MD5
  
  719d4b8a24a98b938d0c393228e413f2
- SHA1
  
  9f55cdc8223b1ada8c7fdf678f605345442ce240
- SHA256
  
  29e65cd43000e27bb73556fce0dcbc2ec9a42a68dad623c251dc84a846651040
- SHA512
  
  e729442bc973b846cb07511c0654d65a425cc576f7a1847dc7800ac45fcaefaa0005327a779a7712017610130f47f4fbdf14f5b53ee812cfa725e09dca3d8d78
- SSDEEP
  
  3072:oykEWzxnWWEe+SuF1FZ01bzWQPg0qRfN2HOdUnylZ5MWz2M:drWzNWWEl1iiXpRfWOanyz5Rn
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2