e138237718e143e367cdbefa0d406f1afad18414079a0243bd24d75a330f4383 | Triage

Sharing

General

Target

e138237718e143e367cdbefa0d406f1afad18414079a0243bd24d75a330f4383
Size

118KB
Sample

221125-wf7zdsdc43
MD5

9c77fd7abeb1c1946b12b239a9f6ccb9
SHA1

f25231e4aaabbc743cfd1f388bf389901776bd17
SHA256

e138237718e143e367cdbefa0d406f1afad18414079a0243bd24d75a330f4383
SHA512

2556a6e31c5f196e3b1ce225705d11a97675d67bb74b3fcecb8bad549e42eab6950b63e5209136fcae0b37177669b548ff712e509637be499778d3816fcf21a2
SSDEEP

3072:VB2Y39KhhQh7gcs8Fx4FPToucJ0fkCJrQhQ6++B:2Y39Khhi7W80FLaJwJ23b

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
- Size
  
  148KB
- MD5
  
  4d5dfadd01b911caf7b70e6bf2ca11aa
- SHA1
  
  7a26d37415856bf37fe657b386233b936538b86d
- SHA256
  
  dba2b48d15163768309653884aa6c93120961891f91a680d1dc97b7ea3be1967
- SHA512
  
  56abc0fa70025076383d4745e2205a19aed922376c1729398724392bd201cae987c14590ad1c953e73adcba2dda85128616bc58274484bc82d8e7cf8627c7338
- SSDEEP
  
  3072:t1kEWMiWvL4Y8Fx4FPToqcJ0fkCJrdv8MAQK7x5:frW080FLkJwJvwQKf
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2