Overview

overview

7

Static

static

Informatio...05.exe

windows7-x64

7

Informatio...05.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    481671c1a4d4c2213b7d1f04b6fecbc8a94703f4447166789c759d68f7e510bf

  • Size

    119KB

  • Sample

    221127-tmkfkaec7x

  • MD5

    b03b800e18edd61427c2345b5f938253

  • SHA1

    e43e47dd9c162ac47295166a4d3c03ff55391574

  • SHA256

    481671c1a4d4c2213b7d1f04b6fecbc8a94703f4447166789c759d68f7e510bf

  • SHA512

    c74b872df07cc3dc4fe57459b9193d47f555d13c20a0c47b6837228545d9af150cd324e92f67d3b31a757b8e34e01a614bdac42efb37755ac3f61a0baa3bd10a

  • SSDEEP

    3072:/uuJva2WwVmrYuQr5ZlLP8GJMKvfYPmmzvmBVWLaig76JKj:/ucBVmOLP0PVzOBsSj

Score
7/10
persistence

Malware Config

Targets

    • Target

      Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe

    • Size

      148KB

    • MD5

      e904fb9ef69599c6afec8a00eaa0844f

    • SHA1

      a1edfcaa398b4d4e80d84317fabcdbee7a926ab0

    • SHA256

      9f8b764b140f5384b3cc712640b76fb697566ec30e82508e4b35409ce400869d

    • SHA512

      105bcc7bee4904c7d1bc9d06e4a6c74ea11f6e73bca9d430543f6eb3d3e72df4468e98d966f161b528854c93feca45d03ca475ae450f3224961411e5565d6e05

    • SSDEEP

      3072:EwvzPBhF4kWWGhQr5ZlLP8GJMKvtYPmmzvmBVWLaig768K5:jzPvF4k8oLPSPVzOBsX5

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks