e5319526bf0a00af0448a08685bdafa14a94b71d2774ca42491b12859030844c | Triage

Sharing

General

Target

e5319526bf0a00af0448a08685bdafa14a94b71d2774ca42491b12859030844c
Size

120KB
Sample

221127-r31rdaab71
MD5

be0d7a74b6f302e6f353aa214edac135
SHA1

cdfb7dbf6fb1e5ba63dd91a1ebdf96c85cca2754
SHA256

e5319526bf0a00af0448a08685bdafa14a94b71d2774ca42491b12859030844c
SHA512

a0b503be010ce034b52a026acbf9f6336a9b1b399d881d3af1d96d429a0e3c308555b7fc974789e4d8fd8f2461cab49d386ce645222ab58f4f20b1393b489e0f
SSDEEP

3072:Lw82O7Lmrmur3gQbL1DKd6Reha4lDpzhyYGwDh:Lw9CL2LbL1tOawDavu

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  de_0000239029_rechnung_scan_hp_28_0000000904_page_2_10_01_05_id_00291002098.exe
- Size
  
  144KB
- MD5
  
  5d24900b14b68b029005d07c1e56e537
- SHA1
  
  0659a9a2c0e8182757bf0f77fbd74360315d528b
- SHA256
  
  999cf93e01dfd4e6dd7258381e5a3cf93f0c516130b7a7ee0cbfa2ee6f3f7d60
- SHA512
  
  89dc83192c8ae91a4e83ee02b5a60a9fca6faefe8018a07b07a8f2210702d74996d85c6c4a190fde9306d230a72ea7bef631aa9dc5cb2c0d5e9dc45a5bb15443
- SSDEEP
  
  3072:CQq8+Jd06U0a/t1DKd6neha4lDpzhy7GwDs:28e0dt1LOawDaSx
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2