673afe0d3018bc922a3484717fc5146109e79657e46f72b2971a0d7f69dc628b | Triage

Sharing

General

Target

673afe0d3018bc922a3484717fc5146109e79657e46f72b2971a0d7f69dc628b
Size

191KB
Sample

221124-f73wraca54
MD5

7a2821dd64d3b1e2fb9c40ecf701b702
SHA1

ddade4d777cd3bf496be373e4eedd81f30990634
SHA256

673afe0d3018bc922a3484717fc5146109e79657e46f72b2971a0d7f69dc628b
SHA512

17bd6448e7e8ad378e851eaa49e3a68de6d9402caf3c887be7c5d21a3904ef4fa0e38252f2bf2bb6bac356d4e8fb40a82b678a3dafbbc7f770d6950a76e44145
SSDEEP

3072:IXfohkFpNLr8pjX8YFvpU6RUX7/eQvfrpdmWmbHGOoOe+1guG+xIm:IXf1L4zxvVRaeQvfrEF1guG+xIm

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2014_11rechnung_4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
- Size
  
  257KB
- MD5
  
  13ad6aabcc3fa5508629b1abdbc35c11
- SHA1
  
  66db64ad6421ca3dc7e6d3947af652227a7e92e2
- SHA256
  
  bbf30567b1c29bf5af5fe39487faf0a42b5ad6b2e8e66ed264e00defb08dbd6b
- SHA512
  
  88ef1f1689808a20eebb3345f9ab1972c076d981b03d3cf239847017e959907f9a4ed009817c71b269f93998646a2df32cdc84ff130b77d85bbf074051a38c4c
- SSDEEP
  
  6144:AIC9kGrTF4+DsFuetesc62acDUWvqNn0:AICtrW+0OscDU8qN0
Score

7^/10

persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2