f60a8ed19cf1c565ed8b8888db49826317d1040bf917509eab39b14ec78fe378 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f60a8ed19cf1c565ed8b8888db49826317d1040bf917509eab39b14ec78fe378
Size

123KB
Sample

221128-jrgkcsgb26
MD5

37788a0f2b654eef7d98ed2d450f8048
SHA1

ea61f47f468201cd6047d87e037f6fb546dc4293
SHA256

f60a8ed19cf1c565ed8b8888db49826317d1040bf917509eab39b14ec78fe378
SHA512

9186e08531235dafc6a956074f1caf54bbffc5ae0410b97de236557cf2ae8644cede59a896e864f51b51080332c4c9d4649ddbd72e9fe67ea480283021764d26
SSDEEP

3072:cuw3eMJ+D0ZYTVCxs3oKSiMByHEvPlXSlyv:Tw3ezIZYus3pMByHEv9Sls

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11_rechnung_1_1_000309399002_4884_9849_00483_00222_0039459856_29392_000000002008.exe
- Size
  
  156KB
- MD5
  
  eedc2edf4c2690abebc913ef8c048645
- SHA1
  
  2a729c9ea13ebaceb8209f03b61ab730b0b1dcae
- SHA256
  
  f314842213f7beed8d180da004720a4727900585e31fb8753089e09d94b291d3
- SHA512
  
  2a7a1c5df1190665beb5c6eba67200e114205527144e1c0ac1c10ac39d697410a5cbd947f6c7387a92e0f5339665134f6a3cd32a5e9596a3242ad47270c1b75c
- SSDEEP
  
  3072:GXUSz54mtk/Yq5YTVCxs3oKS4MByHEvP2+EoFsZgK6GtfROjVmd+zr3/18r:ILGe4LYus3BMByHEvO5oFs3U2
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2