Overview

overview

7

Static

static

Informatio...05.exe

windows7-x64

7

Informatio...05.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b7f985a1d083b539c07ace2f884dc2e9aaa26629fb28e00a8140c65e395931b1

  • Size

    125KB

  • Sample

    221127-sjpensfg44

  • MD5

    24c9cc1bff20992bffe24adbc20fa612

  • SHA1

    a35f067cbcbb08959491cc5f56c2538733d20aa7

  • SHA256

    b7f985a1d083b539c07ace2f884dc2e9aaa26629fb28e00a8140c65e395931b1

  • SHA512

    80f0cf760a948f122ac2f788a1ed804c0f00405a8bae87a5f8f5c6925ce01881ea88f4b844aa48b036ef50944a90fa84c4ae4ab4dba9aa6f0e00f67ee4bd7df8

  • SSDEEP

    3072:3X1nAzwFKitrqIwDIJFkcbSziQrG6PsiYyQ/HzdKc4gWEybVu:VAEF9r4ELZbSziQrG6dYyWdKcjeu

Score
7/10
persistence

Malware Config

Targets

    • Target

      Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe

    • Size

      156KB

    • MD5

      aca8bdbd8e79201892f8b46a3005744b

    • SHA1

      284fbc4f8265e1125f6ffc16d50a5144676ced2a

    • SHA256

      836228366d9edc7e8be6321ce1ce18204e50e6cb36ddcb4ec9c3cdb079998083

    • SHA512

      1699ea7e18f13ca5f615773d8b278a78df9536c95684dedf5e5fcdc003cc6bb5bce73702d7d3c8bbb22459161f57e3fd85709068c8a628eeed78295dc6bdcab1

    • SSDEEP

      3072:LdLBregqjNDitrqIwDIJFkcbS7iQrG6PsiYyQEHzdKc4gWEybV5:LdLCNar4ELZbS7iQrG6dYyxdKcje5

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks