13718f5b41c60a63166bf48a0cf937f794d0974624d9c4f51304683dc56be301 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13718f5b41c60a63166bf48a0cf937f794d0974624d9c4f51304683dc56be301
Size

124KB
Sample

221127-w875vsaa53
MD5

86caf4ea39e8b5ab12c196d835322b0b
SHA1

91728e8f3f3b6fa6fcb0f042edde35b7cd34b64d
SHA256

13718f5b41c60a63166bf48a0cf937f794d0974624d9c4f51304683dc56be301
SHA512

5e02c52ef8162da224fb4a5616eef34457582f8a22320e06d1067fe9c9044784fcc8457e7c49a88090d6429d45490cf6da81befaf7e084cef9e5274dcf3c3210
SSDEEP

1536:8qHEjgbkvkfCGzRe6UsfT680I8gXG5VnCojmm6wt8BdMeNXAtwxTsVsGIL2+ya3W:8p0ddQaGLnCo0dXrxTsuGb+j3FO5M8

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  E-Card_zu_Weichnachten_scan_foto_2834792347_12_2014_21093812_000129_001_004_002910.exe
- Size
  
  156KB
- MD5
  
  2dec40d7b7933f41203fc40ff5f9f6a2
- SHA1
  
  e9bf4aa0dfd58f51fb49553e6c0ac7e305039c7e
- SHA256
  
  27c298c77e16bbc3f056653034c2d918418f877bb0193a9ca533b5527d830a94
- SHA512
  
  6c04dd52b99ff919797ff1851aaa45f3953643157f4d522b4b11336ec7d49a105e2274175a6932f4acefd1dcba4b8f4864d9eec71da8ab317ad937d2d2354322
- SSDEEP
  
  3072:m2V3A7emadat92PH48GLnCo0dXjxTsuGb+j3FRvtVFVlD2Pq:xV3A6mkat98LdzxwuGWJ7V1D
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2