Overview

overview

7

Static

static

rechnung_v...30.exe

windows7-x64

7

rechnung_v...30.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a5cdec9d6337ae044487c8d29ce0055fb46f64e96c4ae624b8545cfe2ecb455

  • Size

    130KB

  • Sample

    221124-e19v2sha52

  • MD5

    d69a51cae8dfd4f74fd870a8d1bc361a

  • SHA1

    d52580dbc191e077f901500cb99a2a2389df7fac

  • SHA256

    7a5cdec9d6337ae044487c8d29ce0055fb46f64e96c4ae624b8545cfe2ecb455

  • SHA512

    ec1da59973e2ecb3cd56c197c964a0fdf0d04bd2cc6d0812e223560cc2a30af39ef36f7d7cc4aea26fcbe217052c70705e09ead485e546b1418bca174c9feafb

  • SSDEEP

    3072:otYgtwCu+a9MMTb/OTlrjmPl3XymSPTTW6ulFoQea8OOU:+Ja9MMf+m9nCTGkK8PU

Score
7/10
persistence

Malware Config

Targets

    • Target

      rechnung_vodafone_de_2014_11_930370025_023870007_11_de_0000003837_888830.exe

    • Size

      176KB

    • MD5

      13997ebf7af8d37dda6697ac03f76cc3

    • SHA1

      9be2bcd498406bdfb05f860ad726273c4a7b4f3a

    • SHA256

      11ecf58db103eb2ded5b942f303d48b5d77e336b8edfe335fa7b81264d1f50ef

    • SHA512

      2894ef41ec784fb39ec663ff8ca5fa8c0ebbd875f95f6e2b843c8bca59d63cc7c43f64df43898290cef31c4b32478819f437fcc4656606d0f7cd4721c735ffee

    • SSDEEP

      3072:rGwR1qmB1TQgHtMF5a6I4Ya5Tlrjmvl3XymSPTyAAwoc9+IkMd+zr3/1C:7KLa6I4x3mdnCNAwo42M

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks