193abf343b7d31c9538b78c3092489e7fe38056308462ee8d70dc0d9485734e9 | Triage

Sharing

General

Target

193abf343b7d31c9538b78c3092489e7fe38056308462ee8d70dc0d9485734e9
Size

123KB
Sample

221127-t47mesca97
MD5

32bade45e1c8b41236e8ecb663c11a74
SHA1

67b94b6465af5576b48864adac2d2f1e74660137
SHA256

193abf343b7d31c9538b78c3092489e7fe38056308462ee8d70dc0d9485734e9
SHA512

b06b8161b9242436b75903c127565ad200bcacb9b86c4aa51e9bc26adbdb7b2304f6add8f8e098688e842aa9c06656c5ef2a6e4c46523028b85e74e2d81211e7
SSDEEP

3072:vWYrvIWPo9iCQtU8AuXhhH+7Zm1wdEb9luxPHsHvi4AsQ:vjHPe+UbuRhH+md0Pd

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  telekom_deutschland_dezember_2014_de_0001_3029400_92_928_02020_0_7_293489_0038.exe
- Size
  
  148KB
- MD5
  
  9d98c00e6856de4478554ffaa7d186b2
- SHA1
  
  10f4dc27fc03d5e31f1050607c3d91a733b95a37
- SHA256
  
  79f402d1a823a6c96389483aab9744640aa310546045f6ec76d491b0d9db356b
- SHA512
  
  5ecfdd934ebe17a4835d6c08f124c3c2bf66a9a006e8438cd9ab0c33403d037e769477946faff0e465588385ae416bce46eb6524e67b6cdad3405bb3a18c8a5f
- SSDEEP
  
  3072:Dku/PN/dw7QrkU8AuXhhHK7Zm1wdEb9leB0pPMMxgf6:wePN//kUbuRhHKmdhVMagf6
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2