422193b305e4f6093b00f2bf68649112bb3772d3e0684f7c5aeae463eff1bef7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

422193b305e4f6093b00f2bf68649112bb3772d3e0684f7c5aeae463eff1bef7
Size

126KB
Sample

221127-w96y7adg9w
MD5

3a4c66f054ec9370ec39905207f15a7e
SHA1

49ca2585da94cd85ad6a0c736cf05e46b1fc400c
SHA256

422193b305e4f6093b00f2bf68649112bb3772d3e0684f7c5aeae463eff1bef7
SHA512

8322d70743ff7b297544e27272096174693740e8b3c35c3068f949d0fc7e79f7e181e207bcccb1e65f8d086cc7d6bde5a724548c5b356b745505f2f0b0444130
SSDEEP

3072:NZctb2a50xDgN21VqO29Y5eCPN2bViTpxJP12EFs+NL2+wRNgsW95Ly:jctZUgAdCY5e+CViTyEXl2+su9xy

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ihre_festnetz_rechnung_november_2014_54_7_0_2_8_00000390002_210_22_41_66_00000007.exe
- Size
  
  168KB
- MD5
  
  60e3cb5dd482ce771d0e5c6576a8269c
- SHA1
  
  33573fa6ad2ac27d48bd3ef1f84739449ec4b682
- SHA256
  
  37d254df44c84c208156c066068f2397e57413affd480a80dc01d0b2eb0cbb31
- SHA512
  
  bf2fab79ed0dd3fe763f6e2a0b809454536a5335ef29ebea40d562f2b745d695489d9d3039ab0f79b9f982863bfa0a266996c827b2338712f61965077e65eaa8
- SSDEEP
  
  3072:CdLyZlwEyKcoO29Y5eCPN2bViTphJP12EFs+NLVgu2TVAOWX:sLaw7F3CY5e+CVi/yEXlVh2hk
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2