Overview

overview

7

Static

static

Informatio...05.exe

windows7-x64

7

Informatio...05.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d275b5d14fd0dc1c9b0ad4017db8254f31ca39eac4d16710d54db028bc3bdd68

  • Size

    125KB

  • Sample

    221127-r99ymafa47

  • MD5

    b7278ced2998ce139d3efeec92660be0

  • SHA1

    326cc08c7af9df9a03bab195dafbc7e7a8c06013

  • SHA256

    d275b5d14fd0dc1c9b0ad4017db8254f31ca39eac4d16710d54db028bc3bdd68

  • SHA512

    125273c702c41ce63b64083cc02c9174addea2b7e7ccfd376e95e321cb1f657944d552385a092dd028702ab4e551813ea3d63204e467e59b50285630e2270e4d

  • SSDEEP

    3072:6X1nAzwFKitrqIwDIJFkcbSziQrG6PsiYyQ/HzdKc4gWEybVn:YAEF9r4ELZbSziQrG6dYyWdKcjen

Score
7/10
persistence

Malware Config

Targets

    • Target

      Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe

    • Size

      156KB

    • MD5

      aca8bdbd8e79201892f8b46a3005744b

    • SHA1

      284fbc4f8265e1125f6ffc16d50a5144676ced2a

    • SHA256

      836228366d9edc7e8be6321ce1ce18204e50e6cb36ddcb4ec9c3cdb079998083

    • SHA512

      1699ea7e18f13ca5f615773d8b278a78df9536c95684dedf5e5fcdc003cc6bb5bce73702d7d3c8bbb22459161f57e3fd85709068c8a628eeed78295dc6bdcab1

    • SSDEEP

      3072:LdLBregqjNDitrqIwDIJFkcbS7iQrG6PsiYyQEHzdKc4gWEybV5:LdLCNar4ELZbS7iQrG6dYyxdKcje5

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks