Overview

overview

7

Static

static

rechnung_v...02.exe

windows7-x64

7

rechnung_v...02.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f214e335e04c8b3af882ba70861d16a6c30631d0ee00ed0159c8789106d01290

  • Size

    121KB

  • Sample

    221124-exrkasgg33

  • MD5

    cd2441b6d3357188732e223d9d0ba28c

  • SHA1

    6b45fd2b16f060cf42c28769382e58a98cb24883

  • SHA256

    f214e335e04c8b3af882ba70861d16a6c30631d0ee00ed0159c8789106d01290

  • SHA512

    feeb3cc6b4f0f5111d0e271dbfae1dda70a1c78f396c95a8e9cf2b11174dd85440636ed7927d530a94be0defda03c518e6740b805a41e4af769613df27496bb4

  • SSDEEP

    3072:+/EVJukPSszLgdOoDbj78dYHvbCQpLtf4P4H3rzY:kEVVPTzwHDbNvuQtlH3HY

Score
7/10
persistence

Malware Config

Targets

    • Target

      rechnung_vodafone_team_0000399387201_0020398478002_0003_77352_192_0200002.exe

    • Size

      152KB

    • MD5

      fa2f4d553195f26107bb14dd6bd1336f

    • SHA1

      afc4088979a8de48bc06f921ffcddec35716b00c

    • SHA256

      6d9e4d239cebe3c438a2c9a582afbc6d8d06f45fc5fd00b7aed6591d9826c276

    • SHA512

      12c2343d8a7385fb1ea9e7b46ee47216cc53445ab40b9708450adb044dcdbf470b9140620de071206a95446ef801fe7cb7164f8a822cd6f4c22a7777b50a2595

    • SSDEEP

      3072:+PUPz54mYWpWUGgYWancdOoDbj78duHvbCQpLtfCczU+vA6VtfROjVmd+zr3/1Q2:AuGmDGPQHDbZvuQtNzU+v3ML

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks