4286fa6be7ac8ade28f57b2b9894f340ff039456c476e25d8ce630a6f3cfd95b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4286fa6be7ac8ade28f57b2b9894f340ff039456c476e25d8ce630a6f3cfd95b
Size

120KB
Sample

221128-csf7nagd54
MD5

d107488c2b914295fd68278ff5dbb50b
SHA1

b22e55c5531be8177cc7ab07e08ea79210702f26
SHA256

4286fa6be7ac8ade28f57b2b9894f340ff039456c476e25d8ce630a6f3cfd95b
SHA512

f7a3c08580289a7f3e4073b90dcc70f3f26500ce472cdf32af8e930fc001d7d5e0771ac67f1648ba0e7b5f9d0f8e93bf50b5d7eb25e232d15eb51a7c954881ed
SSDEEP

3072:w4EjpQT7UkF/4faxa6keLTCYAo4RaHOP6AU59cvHa38:wnQXU+2axBnPC3o4ROOybCCs

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  de_0000239029_rechnung_scan_hp_28_0000000904_page_2_10_01_05_id_00291002098.exe
- Size
  
  144KB
- MD5
  
  165e0668c9007305f4335ff6ed4c9854
- SHA1
  
  b8ff03c73b8df5f9a840378b6862c39bd2b5eb5a
- SHA256
  
  9bfb04be2ce0a624be8edc3666d93686b73ead053644430876047c4a88862881
- SHA512
  
  a0232ea13fc9e30b9fbe89cd865a608ddb5137d03642ccb9674bfb8cd12590ac8560f6f6adc0ef2ee6040e50216f0abc1110d7d457b468534649eb2de8e5984b
- SSDEEP
  
  3072:UT6NN25fPi/Xaxa6keLTCYAo4RaHOP6AU59ZvHa3B:5fMXi/XaxBn3C3o4ROOybLCR
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2