481671c1a4d4c2213b7d1f04b6fecbc8a94703f4447166789c759d68f7e510bf | Triage

Sharing

General

Target

481671c1a4d4c2213b7d1f04b6fecbc8a94703f4447166789c759d68f7e510bf
Size

119KB
Sample

221127-tmkfkaec7x
MD5

b03b800e18edd61427c2345b5f938253
SHA1

e43e47dd9c162ac47295166a4d3c03ff55391574
SHA256

481671c1a4d4c2213b7d1f04b6fecbc8a94703f4447166789c759d68f7e510bf
SHA512

c74b872df07cc3dc4fe57459b9193d47f555d13c20a0c47b6837228545d9af150cd324e92f67d3b31a757b8e34e01a614bdac42efb37755ac3f61a0baa3bd10a
SSDEEP

3072:/uuJva2WwVmrYuQr5ZlLP8GJMKvfYPmmzvmBVWLaig76JKj:/ucBVmOLP0PVzOBsSj

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe
- Size
  
  148KB
- MD5
  
  e904fb9ef69599c6afec8a00eaa0844f
- SHA1
  
  a1edfcaa398b4d4e80d84317fabcdbee7a926ab0
- SHA256
  
  9f8b764b140f5384b3cc712640b76fb697566ec30e82508e4b35409ce400869d
- SHA512
  
  105bcc7bee4904c7d1bc9d06e4a6c74ea11f6e73bca9d430543f6eb3d3e72df4468e98d966f161b528854c93feca45d03ca475ae450f3224961411e5565d6e05
- SSDEEP
  
  3072:EwvzPBhF4kWWGhQr5ZlLP8GJMKvtYPmmzvmBVWLaig768K5:jzPvF4k8oLPSPVzOBsX5
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2