Overview

overview

7

Static

static

de_0000239...98.exe

windows7-x64

7

de_0000239...98.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acdf33ea6d90850e16d49d0d768478012350011dc0afb1bbc7997b21549aa976

  • Size

    120KB

  • Sample

    221124-ephx7agb46

  • MD5

    b7c9c2124fa7eb263f789e605a428870

  • SHA1

    eb745919cab9b9f59e3eb22c7a673f6fdae863ab

  • SHA256

    acdf33ea6d90850e16d49d0d768478012350011dc0afb1bbc7997b21549aa976

  • SHA512

    ce10cad52dd570bbf18b47902cfb4defb9f9f1922abd095c305f0f8931b982202f3f8b70b08e7d32d20c7c429e620787513991909b1d5dab23fe5c1aa3d90e37

  • SSDEEP

    3072:UwStxY3/etB8WJwy/mMeUDusnZCwzKAzswF1De7iyV:UdnMGYWJJ/Kpsn4QVBaOk

Score
7/10
persistence

Malware Config

Targets

    • Target

      de_0000239029_rechnung_scan_hp_28_0000000904_page_2_10_01_05_id_00291002098.exe

    • Size

      144KB

    • MD5

      738dd7cf1133cc2813a10813859e6e61

    • SHA1

      dcfca6a60b767a64058e3d653a43789c1461e997

    • SHA256

      74e86d70cb60b9ca846a892d99570500ddf7f5d376f70cd0c3346edd29680d57

    • SHA512

      64edf119f1ee78f63deb5b41fe978cf57a05e09ce9f9597c12e29d21e718bdd8bdc717d5049c38cdb607e4d9db33a69df4c0f2aa06c3839043685d1be7b71389

    • SSDEEP

      3072:UD6NN25bPpA3chmH/qB8WJwy/mMeUbusnZCwzPAzswF1De7iyc:JfMTpR4/JWJJ/K3sn4Q4BaOv

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks