0ffe83743ad4f24af842623416b7e04bd9d4a731ac311cde5fad58616e94a351 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ffe83743ad4f24af842623416b7e04bd9d4a731ac311cde5fad58616e94a351
Size

117KB
Sample

221128-eac4dsgd4x
MD5

aa683c699c188031e9d65064c2e9cc2a
SHA1

4d747397394b698b9646da61513888fb567524a6
SHA256

0ffe83743ad4f24af842623416b7e04bd9d4a731ac311cde5fad58616e94a351
SHA512

b01c93dd885e46ec11f0a0cc9c8ddf8c757791c534e4bebdcd84f2fcd3bf05ef860a8c0f72b0295e317d2ae3eb5ea68e6dbdd46caf4e0691d8aaa0685564b154
SSDEEP

3072:v3EfSmaiHf19mclIK08RVIizYafZikD1aK1GIAF:v3EffJf1EK08RVL0+ZiG8

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  de_0000239029_rechnung_scan_hp_28_0000000904_page_2_10_01_05_id_00291002098.exe
- Size
  
  148KB
- MD5
  
  49939729a82c23345ca93ae5bc17a0fb
- SHA1
  
  64f93675adbf5e2f3cd12202bd1c931c3319291b
- SHA256
  
  4b8b7f2decda8866944931b0f3591652eac8a1bb1d075008523e38563df779a9
- SHA512
  
  e24c5e2f9a04e0953df8f22f3d35695a0c9ffd40687c60f47e4795b2f30d305337e084ab9a7a51c678709ffc344548856c37bed93174ba9c41d490bbb8805a95
- SSDEEP
  
  3072:jsKrHVQIy7lIK08RVIizYafDikD1a9InMv90VG3F:QKuAK08RVL0+DiGhnMFyG3
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2