609f2a798ca83e81a89aa8396731d4ad8ee9af511d5e3350d91a589f92a1a218 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

609f2a798ca83e81a89aa8396731d4ad8ee9af511d5e3350d91a589f92a1a218
Size

121KB
Sample

221127-tdxdrsaa83
MD5

299dbb1e422b907d78463fd0af6f5cf6
SHA1

1d8e86527dc19ec6798c99669d9277bee92ed3e9
SHA256

609f2a798ca83e81a89aa8396731d4ad8ee9af511d5e3350d91a589f92a1a218
SHA512

c54f0ba5773f7a7a879dc4fa5cf0d9bd2ddb01bd7ea871ffad6877d84debe5db0f9e860392fba11080b4c92c1de268fe9e9ad30b0a065f2128bfd138af2a62dd
SSDEEP

3072:zjT/embGvM5yN+IpSot5A9mC+iDbG8jOzBYdXBRUoHm:zXe78GpH7A9mVEG8SzARpHm

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  rechnung_november_2014_0003900028_2014_11_0029302375471_03_444_0039938289.exe
- Size
  
  152KB
- MD5
  
  f3ebd9dc2bb17ade3db704bcf06ddb6c
- SHA1
  
  8c827a862c86991d6f2012174c982c8bd4673fd1
- SHA256
  
  fd72f9b70df6b6acfaa5a6553bd0094a260982aa9a63f38163e380fa600b54c4
- SHA512
  
  f627a94307d0ee7517adb49f6820fef9c1a24b81b3777e6d0552ae475080c1b45f4e46ceafe097e9a6eeda48e00491bd7643961fedd8263453e77fb3372075b1
- SSDEEP
  
  3072:wXUSu53x+vhiBIVHIpSot5A9mW+iDbG8jOz102+SvJex9Jf+ySd+zr3/182:GChx+5iaVopH7A9mhEG8Sz6LOUj/
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2