6cba950ddc2839f1fe786619cf78373c9d24afbb489e2fbe0619c4f741101a85 | Triage

Sharing

General

Target

6cba950ddc2839f1fe786619cf78373c9d24afbb489e2fbe0619c4f741101a85
Size

123KB
Sample

221127-tanx8add5y
MD5

41ebdee0cff47e9e4a7567ec27e8ea49
SHA1

6948fd1cb9ff59d6bbc5e295118c238fc31a66cb
SHA256

6cba950ddc2839f1fe786619cf78373c9d24afbb489e2fbe0619c4f741101a85
SHA512

236b2123755355b9c900ed020a85bd2be8d1b565ef919a8037bf6c1800d495a88bc5b6b122b3c2aa469a49fbe02188d3dc34265ea5b2783e73667e68e7c5b210
SSDEEP

3072:MSRI3CNStqwGr/d4eXsy3cvf5ftCC6ofPHPK5dTLiwCOv8G7BVgiS1D1:zI3CEqwe4GZcXgonPKLF8CYiSP

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1_1_kundencenter_mobilfunk_2014_11_de_0209_0000328362_2761287_12_78_009_2876237820002.exe
- Size
  
  172KB
- MD5
  
  3d83c8e629e7a271448568b4edf53627
- SHA1
  
  28f376dbfb54f68fa87dbb20255574cc1fa9f63e
- SHA256
  
  b5281c0c00bdc0ebde811cb4ae7458eefd4c4add80eb4d8ef3e4a90280b06133
- SHA512
  
  b68333badf1c5147e11cd1c0299732eda31268bbc690521beb1304370b007dc9cc786033d0c6e332d42d2ac90699c49e1fdd832a603b03b7f26d0fe36092fbb0
- SSDEEP
  
  3072:Aac0KMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:AbKXxI+4GZcXgohPKLF8Coh
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2