9d058af41ce79083560c772014ab63bafd8de6d584b313749c78e5dcfab46f0c | Triage

Sharing

General

Target

2-1pnGjO-0001oG-DV.eml
Size

43KB
Sample

230414-nr7trsbb3y
MD5

9d5c7691a9272e4937f2b168c56a6891
SHA1

af2aca2b2f77fda2ceaa20bdf9ac8102a3197e10
SHA256

9d058af41ce79083560c772014ab63bafd8de6d584b313749c78e5dcfab46f0c
SHA512

f384e3c6bf1afa2fbad58d693b74438ec13572cf7f85e34b2cc347b743d215a15b255e8b87906336dbdbc8636ad2f55771ad66dab6db9ef6c47a73f7a5cd9162
SSDEEP

384:7b17cnPVR0TiPP94z9yqhg/ptW/sYaFenry8FAAS2gvY5PbnlkFAbSqHBRx9uKtz:vEoBAABcyTnWFASqHBZuKaKC0Iq

Score

10^/10

persistence

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://this-is-vip.site/trs.zip

Targets

- Target
  
  Rechnung t‮fdp.bat
- Size
  
  80B
- MD5
  
  74519b998ff28949d9832d83ae2b762d
- SHA1
  
  958a9c7b79836263e4faa9c453396edf57cbf0af
- SHA256
  
  3fe0959462a072cc684bad5738419f1f040caca84477a184fdd719ad0a3b21aa
- SHA512
  
  72d186c5dbdca6c266dc5f1e33de485df98bc8b619e795f5211830767fe04b7ed5808869c657779e32cd0afbc77a9f70eaaceced59e3c9b5cedddb31c45039b5
Score

10^/10

persistence
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  Rechnungs/SM.ps1
- Size
  
  1KB
- MD5
  
  28ac93cb29f22234f09d8dd8ae2ba8d9
- SHA1
  
  eb6eb0a906652ca447d5db48a1158c0dab36b488
- SHA256
  
  445da7c0f861bca8d8432bf693748870d4bcba3c2d1dcaebecb833fb7b435840
- SHA512
  
  092a31e212dc9be38a63ea8970db8cca0a0df58f4f097e9e1cea7b6b6dd6e411a4e262ef0cd48328069af25c82d8b632f9c7eaa34a9c3acce0929964505d0be0
Score

10^/10

persistence
- Adds Run key to start application
  persistence
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2