1c71f683de6519775ba2973f11b22a7d4a4e4e94ad7073689ae7bcb57a6cbdd6 | Triage

Sharing

General

Target

1c71f683de6519775ba2973f11b22a7d4a4e4e94ad7073689ae7bcb57a6cbdd6
Size

130KB
Sample

221127-xbp4fsea4v
MD5

74b6da9262e82dd1f67235b56f52b175
SHA1

c0053435810baf77a343ac951328b245ed573442
SHA256

1c71f683de6519775ba2973f11b22a7d4a4e4e94ad7073689ae7bcb57a6cbdd6
SHA512

b4b76b529b07dcbef4b188c237c95687523206ba67ab58795eda3c3f161650a8d88b5fccea1c9c51857d73a829a77cc93403606e5f33709f0baa21c9562d3f16
SSDEEP

3072:KPtYgtwCu+a9MMTb/OTlrjmPl3XymSPTTW6ulFoQea8OO23:K9Ja9MMf+m9nCTGkK8P23

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_transaktions_id_000000039190_de_398000283221_0033565020_029389227_92_200001.exe
- Size
  
  176KB
- MD5
  
  13997ebf7af8d37dda6697ac03f76cc3
- SHA1
  
  9be2bcd498406bdfb05f860ad726273c4a7b4f3a
- SHA256
  
  11ecf58db103eb2ded5b942f303d48b5d77e336b8edfe335fa7b81264d1f50ef
- SHA512
  
  2894ef41ec784fb39ec663ff8ca5fa8c0ebbd875f95f6e2b843c8bca59d63cc7c43f64df43898290cef31c4b32478819f437fcc4656606d0f7cd4721c735ffee
- SSDEEP
  
  3072:rGwR1qmB1TQgHtMF5a6I4Ya5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:7KLa6I4x3mdnCNAwo42M
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2