Overview

overview

10

Static

static

3

TelegramParser.exe

windows7_x64

7

TelegramParser.exe

windows7_x64

7

TelegramParser.exe

windows7_x64

7

TelegramParser.exe

windows11_x64

8

TelegramParser.exe

windows10_x64

10

TelegramParser.exe

windows10_x64

7

TelegramParser.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramParser.exe

  • Size

    6.9MB

  • Sample

    211113-s644msfbc9

  • MD5

    97dbfaa974802371431bc4390287b200

  • SHA1

    f9a93a1365a078221e43147f89b12b324ad0d64b

  • SHA256

    696f42a28639fe4d9df0835d42fcc467a7d2612b5794fc05c4cca0940b79d9d7

  • SHA512

    4a2a434e67e13f82256ddbab35bebf0777a591db6234c46cee8570dc260e6d436e52557c95fe5bcd54777338f3fc0fe7f7f18ad31998b69124ca13cb6ab98291

Score
10/10
persistencepyinstaller

Malware Config

Targets

    • Target

      TelegramParser.exe

    • Size

      6.9MB

    • MD5

      97dbfaa974802371431bc4390287b200

    • SHA1

      f9a93a1365a078221e43147f89b12b324ad0d64b

    • SHA256

      696f42a28639fe4d9df0835d42fcc467a7d2612b5794fc05c4cca0940b79d9d7

    • SHA512

      4a2a434e67e13f82256ddbab35bebf0777a591db6234c46cee8570dc260e6d436e52557c95fe5bcd54777338f3fc0fe7f7f18ad31998b69124ca13cb6ab98291

    Score
    10/10
    persistence

    • Registers COM server for autorun

      persistence

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks