Overview

overview

7

Static

static

2014_11rec...bh.exe

windows7-x64

7

2014_11rec...bh.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9db87496fbc0ef0be4b68c92cce31bdd2bf7e2762644b03770e97faa0aa22c40

  • Size

    190KB

  • Sample

    221124-k67wjagd2w

  • MD5

    286cbd01adce3a26b2c7059591b9bd11

  • SHA1

    d22d6dc0b7ff0429e1fdced33dc8411cca103fea

  • SHA256

    9db87496fbc0ef0be4b68c92cce31bdd2bf7e2762644b03770e97faa0aa22c40

  • SHA512

    807cce8bb5cdda43d3920f008aa52b99797b4b5825433e51874b913875a3f8c256db56442048a8dba6caa7fa81a131b50cad353c947042917fa90c012f441849

  • SSDEEP

    3072:zXVEAKbL7dUjQYBm+wuIc2dl9BfN0rET0oLZIfCpYHLbQOCoowhxQI/kl98LORZc:zRKn7dULBm+FGFBF0wLUZH37OCCKEZYf

Score
7/10
discoverypersistence

Malware Config

Targets

    • Target

      2014_11rechnung_4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe

    • Size

      254KB

    • MD5

      825afbdeee126eeebae9200dd497b6fd

    • SHA1

      59e6e30d6c386e71d54aa8f7ee53228bce17f4ea

    • SHA256

      69e685713b90b3dd56876565c92dd47ab247cd20326b6dbc1e5792e0f1544914

    • SHA512

      f96711b02d23d5b790eac2444de976a6e931446862c21f1f9498e79ccd021e7528772f5c551510198159e915380af7c2b23e3dfb78c69e7067d47705265c4e03

    • SSDEEP

      6144:v86CSUrscKPe+V/3fdrQ57f+urD/CIfSDte:v8tvscA5Jfdyr3/CIGs

    Score
    7/10
    persistencediscovery

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Scanning

1
T1046

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks