Overview

overview

6

Static

static

rechnung_n...89.exe

windows7-x64

5

rechnung_n...89.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de4a2710d790bdc0a3d8ce259a70d04b5c91bccfa092786adf57a76cb7bd601a

  • Size

    121KB

  • Sample

    221127-r56emsad2y

  • MD5

    8978a3214606204326f325b71d3ce314

  • SHA1

    0da1366b3c79ea6699d47dfca5045666084c1236

  • SHA256

    de4a2710d790bdc0a3d8ce259a70d04b5c91bccfa092786adf57a76cb7bd601a

  • SHA512

    835273b76cdca8390eeecece2a5da14db74472e9422271ecdb3b1e402a0ac67f4ae538b6a3a4de2faa1de762e356c6085f160e2e018dc5c5f283d80a6f0baaa8

  • SSDEEP

    3072:NjT/embGvM5yN+IpSot5A9mC+iDbG8jOzBYdXBRUoZm:NXe78GpH7A9mVEG8SzARpZm

Score
6/10
persistence

Malware Config

Targets

    • Target

      rechnung_november_2014_0003900028_2014_11_0029302375471_03_444_0039938289.exe

    • Size

      152KB

    • MD5

      f3ebd9dc2bb17ade3db704bcf06ddb6c

    • SHA1

      8c827a862c86991d6f2012174c982c8bd4673fd1

    • SHA256

      fd72f9b70df6b6acfaa5a6553bd0094a260982aa9a63f38163e380fa600b54c4

    • SHA512

      f627a94307d0ee7517adb49f6820fef9c1a24b81b3777e6d0552ae475080c1b45f4e46ceafe097e9a6eeda48e00491bd7643961fedd8263453e77fb3372075b1

    • SSDEEP

      3072:wXUSu53x+vhiBIVHIpSot5A9mW+iDbG8jOz102+SvJex9Jf+ySd+zr3/182:GChx+5iaVopH7A9mhEG8Sz6LOUj/

    Score
    6/10
    persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks