Overview

overview

7

Static

static

2014_11rec...df.exe

windows7-x64

7

2014_11rec...df.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    07ab10f20704c47c4cb5b3bf970ecbdc82d4cdd535cea3c646a11966f70af487

  • Size

    118KB

  • Sample

    221124-rhf68sda51

  • MD5

    637c15139f3d410a3345283124f280a2

  • SHA1

    12130bb41ab7f8e5fdafe2d59b676c19074a9927

  • SHA256

    07ab10f20704c47c4cb5b3bf970ecbdc82d4cdd535cea3c646a11966f70af487

  • SHA512

    65321defd57411050e3b01cdb285ba54db9dda7334ba7ba4e6e31621bcf1642e6a366a3d1b5122b2b8b5922783e4265c4d12b9e8d1b43e6984c6d63a78f3fb2a

  • SSDEEP

    3072:3leYB3qT/ye1dN6so3Llk5aAGGUvX+IurWuK6o5yw5pP9m+OHMVEd9:FqT/ye1dNmLeaAGd1uK/z5T5pP9mHVd9

Score
7/10
persistence

Malware Config

Targets

    • Target

      2014_11rechnungonline_pdf_vodafone_0095890374_537999190_82135674.pdf.exe

    • Size

      140KB

    • MD5

      112b33bfeb2514bf11b0595c55173b32

    • SHA1

      bde96a6d72babb9d5dea78d98dfa434ab2108624

    • SHA256

      585f86ba3173d7a8560a2e82d6adcc8e3e3772bbaefb3239547b43a6685f21c1

    • SHA512

      eb9a80e201d751740d0992459e1fcd61f3973113ab62c4d0b930dabcb165095492dc7d70ddfe8267c707d1b73df3a0df772c755b2477839a1f754e17be51401b

    • SSDEEP

      3072:sJjzdejzg3KOSD+dN6so3Llk5aAGGUvXaIurWuK6o5yw5pP9m+OnlNEWd/SGv4MC:URejz+KOW+dNmLeaAGdZuK/z5T5pP9mI

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks