Overview

overview

7

Static

static

rechnungon...27.exe

windows7-x64

7

rechnungon...27.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c72e618b6d2288cbc18d55710635bd18f9a884c5f9bcbdb2c0eb962d4a0c2ab

  • Size

    123KB

  • Sample

    221127-tasw6sdd6v

  • MD5

    fb1bfc1c5033d5f20f0a208ca2b2101d

  • SHA1

    c70c455b93d6616574e816b95b066d31c4fe89f3

  • SHA256

    6c72e618b6d2288cbc18d55710635bd18f9a884c5f9bcbdb2c0eb962d4a0c2ab

  • SHA512

    08d8631332516048c5956a2150171a49ffa6dae9847c2270dd58d7952a9422464eaef91f246cf086f6ce67fea5bd9f402d92fcb62581d71a5942abf8a88cecb0

  • SSDEEP

    3072:7SRI3CNStqwGr/d4eXsy3cvf5ftCC6ofPHPK5dTLiwCOv8G7BVgiS1Dm:eI3CEqwe4GZcXgonPKLF8CYiS0

Score
7/10
persistence

Malware Config

Targets

    • Target

      rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_027.exe

    • Size

      172KB

    • MD5

      3d83c8e629e7a271448568b4edf53627

    • SHA1

      28f376dbfb54f68fa87dbb20255574cc1fa9f63e

    • SHA256

      b5281c0c00bdc0ebde811cb4ae7458eefd4c4add80eb4d8ef3e4a90280b06133

    • SHA512

      b68333badf1c5147e11cd1c0299732eda31268bbc690521beb1304370b007dc9cc786033d0c6e332d42d2ac90699c49e1fdd832a603b03b7f26d0fe36092fbb0

    • SSDEEP

      3072:Aac0KMWBexMF+4eXsy3cvf5ftCC6ofPBPK5dTLiwCOv8G7PAPplKrrz:AbKXxI+4GZcXgohPKLF8Coh

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks