Overview

overview

7

Static

static

rechnung_1...05.exe

windows7-x64

7

rechnung_1...05.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d7bf6978bf504dbe448ec4e4e18b25fb89cecf62541923622d282b9bfbe5605f

  • Size

    146KB

  • Sample

    221124-nzkn7sbg67

  • MD5

    55dbf6f85124346ded8849a5637c2ffc

  • SHA1

    26bcef34eafb879bf378307cbb304a9f3e3441be

  • SHA256

    d7bf6978bf504dbe448ec4e4e18b25fb89cecf62541923622d282b9bfbe5605f

  • SHA512

    7f4b72d29936ba7f70bab2e70ae451c6c0b3c2651ca8b5a37d9aa03c161ba09e685a9e7265136e2bed6748f84b68aa3ec869e67d55e1ad98670a1c4e7a38554c

  • SSDEEP

    3072:wuL4suyftDcmLDLYYJQEIigwkZM7QWtcJWjRzvNNcIdlwC09BJQB:wuL48ftDcmHz7PgDZJkjRzVOqnUMB

Score
7/10
persistence

Malware Config

Targets

    • Target

      rechnung_11_2014_3280000236_telekom_de_002839300002_11_0000352899_000005.exe

    • Size

      176KB

    • MD5

      4a1d13a05a93cfaa8dd2627c696d2f0b

    • SHA1

      173c81da2aab91f225f8eb5e8fcc87119be4eff0

    • SHA256

      03f825726fdf3341bcfa36fcfd6dcd08e9d7ec3df982f7af9a290aa6f3c5647c

    • SHA512

      29269b35d3b041ccf08d2351e4f3fa906ed396e5a880b357398f2f72ba7a20ff870531b2d7febaa1e4173412074d6bc7bee5723ad683011ee4a247fb683e7301

    • SSDEEP

      3072:q6AMa+ceqZl+r4okWL23kjsZUQoRyV01WZIrLwwWyKdMd9zfp0T0:VfzsbWa3hZUHRHwwWy8UO4

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks