c93901dbf4e2429d846b0f6b2e9430911ed99106eac4639b9c3fa0b988ea8a09 | Triage

Sharing

General

Target

c93901dbf4e2429d846b0f6b2e9430911ed99106eac4639b9c3fa0b988ea8a09
Size

128KB
Sample

221125-wl77cade84
MD5

4b389ecbfce40e26389e25f38195215c
SHA1

63cbc531746456bf9095e6ce82da78843320c5ae
SHA256

c93901dbf4e2429d846b0f6b2e9430911ed99106eac4639b9c3fa0b988ea8a09
SHA512

9db19537deb45d2463fe79edc03273ece8b2519bbbad5311adb109f133747e38040523bf66ebfa994d534cbde5bd8861a643dced8b9df9ce036ea58068c2cb3d
SSDEEP

3072:wol005kFgqFbDMAYptmiOANwZD6RSHGV/X12sihrj0FDyPsBQcYX:wKkFgAXO2qUmxX4D2yPjcYX

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnungonline_pdf_vodafone_0095890374_537999190_82135674.exe
- Size
  
  160KB
- MD5
  
  3d0d526add38e6695a2608b0bdd3633a
- SHA1
  
  b65b13ef23d183748ab922301ae519045302fd8b
- SHA256
  
  0fb33ea57ccd832a3fd8d26ad9dfa97fdd45c37a51b602a182438a17e374eb0e
- SHA512
  
  c601b0912d76e9417cb3a33a5e67e470325966ed8ce176b2e14095d393146b2f96c448c9fcf7e41209653f02af062a42db78a401675beed7771b614d2611d738
- SSDEEP
  
  3072:Y7tIMOClxoixT3+WsY6AYptmiOANwZD67SHGV/X12sihrjJ89GuzxwM8:wtIAlx7T3VsYU2qUmDX4DQ/xD8
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2