Overview

overview

7

Static

static

rechnung_v...30.exe

windows7-x64

7

rechnung_v...30.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb2a83d84cd6d2a41d66c5ab5b8b4c55084d0dc5b6fc87abe330e2e7baa3b110

  • Size

    123KB

  • Sample

    221127-rwa75shf7v

  • MD5

    ace5167346baad990b28aa670e4d9f2e

  • SHA1

    d35104bf8c9ef60188a1cccdfd42ca277d53481e

  • SHA256

    fb2a83d84cd6d2a41d66c5ab5b8b4c55084d0dc5b6fc87abe330e2e7baa3b110

  • SHA512

    998bd273ca2e8ffcbf86972ee963bd36771c4e5600c8750643b9ce8c26ce66dc15494a6e6257525e245baff31b026fc78adb8d676d08cd256db4d4a18855420b

  • SSDEEP

    3072:T5eft5Ut4jmxN/j64eXsy3cvf5ftCC6ofPzPK5dTLiwCOv8G7CoEEcMT:QvRyxN/j64GZcXgoTPKLF8CCo1c4

Score
7/10
persistence

Malware Config

Targets

    • Target

      rechnung_vodafone_de_2014_11_930370025_023870007_11_de_0000003837_888830.exe

    • Size

      172KB

    • MD5

      900355d6300b7b803761d8109b625049

    • SHA1

      76ae74fae7c7ed5f442f16260c37c3279034cfba

    • SHA256

      9f039fb0d0675665fbbaff597d392771bf5c1ba366e51011e656cf51c2e78b85

    • SHA512

      79420c3353fc438fa7097393173f63b9be7de7c0f0b972c2506174018865763c6a4808906cd241f1a13a4f275ceebfe7ff3da6d60f7d233bc0ccc870997196ea

    • SSDEEP

      3072:ha4wKMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:h3eXxI+4GZcXgohPKLF8Coh

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks