2b65b3346e0d495ca0de63ce257e0a04d948e675add5bb83c425aecbf1afd8a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b65b3346e0d495ca0de63ce257e0a04d948e675add5bb83c425aecbf1afd8a4
Size

141KB
Sample

221127-tyhfcabf23
MD5

958ed5391b132c62d5855ce305669287
SHA1

6ce6790f5b73de54c2f321cc5ecda83998c117a5
SHA256

2b65b3346e0d495ca0de63ce257e0a04d948e675add5bb83c425aecbf1afd8a4
SHA512

84f89af2d9b5efcd18920158ff7a1bfd49cc5d64afc117372924ae6ca347915362f909f2d1c9568b7385aef32997169981740c4c70c44cf8c30f436c187bd8a4
SSDEEP

3072:6P6O9yFYLmmYktXZ//9QEIrA7WXEIV3iOHwHWm2bPkeECwgZnH:KNGYymPJn9QEI07sV3iWw2mF8H

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  telekom_deutschland_dezember_2014_de_0001_3029400_92_928_02020_0_7_293489_0038.exe
- Size
  
  204KB
- MD5
  
  d03d13c97c10669c812514f3beb12ee9
- SHA1
  
  089494b0c40f2bce96c0c84b329f87eff128c43c
- SHA256
  
  b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c
- SHA512
  
  638caef0a27496e17c8c41c794f2b7862826d106d68cdca8284aa8ffd72f5908bc06ba1eb47900dcc5fe269a6a8309f3d3b316d526671e4b6c16b3f6e90a7094
- SSDEEP
  
  6144:uoVIiObZbJn9QEI01sV3iWw2s7ldCh8+V+e:RVIiibR9zULPs7lohr9
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2