Overview

overview

7

Static

static

2014_11rec...bh.exe

windows7-x64

7

2014_11rec...bh.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c1d411db7924e31871b821267ac8de26a1ac3dbb0e460650b7a5a62fb188b1e

  • Size

    191KB

  • Sample

    221124-l455lafe57

  • MD5

    3df5daf960c6a63fcc9f1e1764b8d06d

  • SHA1

    95402ff1bc629a766acd9f7fa8f2507b588f862c

  • SHA256

    4c1d411db7924e31871b821267ac8de26a1ac3dbb0e460650b7a5a62fb188b1e

  • SHA512

    2466d008b4909363efe5efff5576e9b4ebeb58000ae932aabaf7458f8d510623588303eb7a479a2462c00cc077fe70773c5aa3235eb132b135bfbfd0c9f71d90

  • SSDEEP

    3072:4XfohkFpNLr8pjX8YFvpU6RUX7/eQvfrpdmWmbHGOoOe+1guG+xIS:4Xf1L4zxvVRaeQvfrEF1guG+xIS

Score
7/10
persistence

Malware Config

Targets

    • Target

      2014_11rechnung_4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe

    • Size

      257KB

    • MD5

      13ad6aabcc3fa5508629b1abdbc35c11

    • SHA1

      66db64ad6421ca3dc7e6d3947af652227a7e92e2

    • SHA256

      bbf30567b1c29bf5af5fe39487faf0a42b5ad6b2e8e66ed264e00defb08dbd6b

    • SHA512

      88ef1f1689808a20eebb3345f9ab1972c076d981b03d3cf239847017e959907f9a4ed009817c71b269f93998646a2df32cdc84ff130b77d85bbf074051a38c4c

    • SSDEEP

      6144:AIC9kGrTF4+DsFuetesc62acDUWvqNn0:AICtrW+0OscDU8qN0

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks