2584fbe24ad7ee8e837673d1df2f7b7dbced157012ee30cbddc84fa2c542fed4 | Triage

Sharing

General

Target

2584fbe24ad7ee8e837673d1df2f7b7dbced157012ee30cbddc84fa2c542fed4
Size

120KB
Sample

221128-csn79sce4x
MD5

77201e555b4eacb559d005400b62b3e8
SHA1

b201aa66aa21e1caed56296714742ccf15537648
SHA256

2584fbe24ad7ee8e837673d1df2f7b7dbced157012ee30cbddc84fa2c542fed4
SHA512

30158d91cbbbe22e02ee14405bb17cda3b7b4eebfb398efe139c55c0839442229d4f46e026e34b37b1c2a864d4e71651aec875232b2e740c72d31693761d7060
SSDEEP

3072:x4EjpQT7UkF/4faxa6keLTCYAo4RaHOP6AU59cvHa3B:xnQXU+2axBnPC3o4ROOybCCx

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ihre_telekom_mobilfunk_december_2014_8320002103_12_01_910238002_1_9_3_7_001_002.exe
- Size
  
  144KB
- MD5
  
  165e0668c9007305f4335ff6ed4c9854
- SHA1
  
  b8ff03c73b8df5f9a840378b6862c39bd2b5eb5a
- SHA256
  
  9bfb04be2ce0a624be8edc3666d93686b73ead053644430876047c4a88862881
- SHA512
  
  a0232ea13fc9e30b9fbe89cd865a608ddb5137d03642ccb9674bfb8cd12590ac8560f6f6adc0ef2ee6040e50216f0abc1110d7d457b468534649eb2de8e5984b
- SSDEEP
  
  3072:UT6NN25fPi/Xaxa6keLTCYAo4RaHOP6AU59ZvHa3B:5fMXi/XaxBn3C3o4ROOybLCR
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2