a3c48fe2567f748e07827c1a86b86bc28a88b231e01897980442bede5bd84c38 | Triage

Sharing

General

Target

a3c48fe2567f748e07827c1a86b86bc28a88b231e01897980442bede5bd84c38
Size

141KB
Sample

221127-sraw9agd29
MD5

a98d834c575f4f30771e359ca59d9483
SHA1

c533257e3a9b6dfb4cbdbe1b7d467ec18adfaefb
SHA256

a3c48fe2567f748e07827c1a86b86bc28a88b231e01897980442bede5bd84c38
SHA512

2e34478b5c3d5df670d6dca743a07eb973d07fa3a4e0b904c774a7b2a0b2bcdd396525cb0b11f2fc1bcc5b92800be44c7cec1575cabd5f4bb3aaa8dac638dfea
SSDEEP

3072:Lf9yFYLmmYkuXZ//9QEIrABWXEIV3iOHwHWh9O4wlIMiIz:jGYymgJn9QEI0BsV3iWw2h9OxkM

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe
- Size
  
  204KB
- MD5
  
  60e35d1acbde6b22234c712c97869cfd
- SHA1
  
  810a916c1d70376dadedebd9e83454c923346bf0
- SHA256
  
  b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90
- SHA512
  
  d23fb897260b02c3a097cc52cde48d06a595ceea18afa66c692ab7c13e4eb887229f923902d7d5cdd04d544e7d9474ea88a223411248405c8914b9933950b7a1
- SSDEEP
  
  6144:qoVIiObZbJn9QEI01sV3iWw2s7ldCh8+V+e:1VIiibR9zULPs7lohr9
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2