Overview

overview

7

Static

static

652c4f1b4f...65.zip

windows7-x64

1

652c4f1b4f...65.zip

windows10-2004-x64

1

de_0000239...98.exe

windows7-x64

7

de_0000239...98.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    652c4f1b4fdd41ae017632ff5f6a1c932e8f0c80188632c3db153d14ec513b65

  • Size

    119KB

  • Sample

    221128-d96z3scd24

  • MD5

    cfae7ebb397ecd9cdd416dfa01671215

  • SHA1

    9bfd305af4b4dea22069b3ac33473a090fc1097b

  • SHA256

    652c4f1b4fdd41ae017632ff5f6a1c932e8f0c80188632c3db153d14ec513b65

  • SHA512

    e1d2b09b76812b5cc5fdfa7d23b9bdd1e558fb6ce2af59f43716ec723933230f9ddbed2877a60b770c2b43b275e3f8908c5c50550ddb1172d2845121055a8b12

  • SSDEEP

    1536:QpIvh5ZjsJq5gJxfnxGm7LJ9h2e6ClXqC+qGlddXFZ3iWwtFTKy1cjuLZllDFbG1:Qpy5Zjs8qfnxPvbz6CgxIzekiuFvsyS

Score
7/10
persistence

Malware Config

Targets

    • Target

      652c4f1b4fdd41ae017632ff5f6a1c932e8f0c80188632c3db153d14ec513b65

    • Size

      119KB

    • MD5

      cfae7ebb397ecd9cdd416dfa01671215

    • SHA1

      9bfd305af4b4dea22069b3ac33473a090fc1097b

    • SHA256

      652c4f1b4fdd41ae017632ff5f6a1c932e8f0c80188632c3db153d14ec513b65

    • SHA512

      e1d2b09b76812b5cc5fdfa7d23b9bdd1e558fb6ce2af59f43716ec723933230f9ddbed2877a60b770c2b43b275e3f8908c5c50550ddb1172d2845121055a8b12

    • SSDEEP

      1536:QpIvh5ZjsJq5gJxfnxGm7LJ9h2e6ClXqC+qGlddXFZ3iWwtFTKy1cjuLZllDFbG1:Qpy5Zjs8qfnxPvbz6CgxIzekiuFvsyS

    Score
    1/10
    behavioral1behavioral2

    • Target

      de_0000239029_rechnung_scan_hp_28_0000000904_page_2_10_01_05_id_00291002098.exe

    • Size

      156KB

    • MD5

      9b011c8f47d228d12160ca7cd6ca9c1f

    • SHA1

      2fdd519c11980440a2c6e62ca66638903bb006fe

    • SHA256

      8876ae1e261a99ebbad73c1a89e525fa43f1fb6b9241eec58793d818542ac437

    • SHA512

      d22c9d34850a89720b7a1d97d39d0d245cbea70140817092ae7996eb633513d1f1a31eca8100ac13576731b1a923eca691d0149cea63712c34e082ae3f65ed0a

    • SSDEEP

      3072:LCKpj8ySAFBsh6z6CoxIzQFO/YYWhGYeMF:OKpAvkz6xFz

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks