From 29e50377ac106ced3b04c6c8aeb62a949850b935 Mon Sep 17 00:00:00 2001 From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com> Date: Thu, 5 Sep 2019 13:13:38 +0200 Subject: [PATCH] Update Malware analysis 26-08-19.md --- Israel/APT/Unknown/26-08-19/Malware analysis 26-08-19.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Israel/APT/Unknown/26-08-19/Malware analysis 26-08-19.md b/Israel/APT/Unknown/26-08-19/Malware analysis 26-08-19.md index dde5e01..461518b 100644 --- a/Israel/APT/Unknown/26-08-19/Malware analysis 26-08-19.md +++ b/Israel/APT/Unknown/26-08-19/Malware analysis 26-08-19.md @@ -20,6 +20,11 @@ ### Initial vector ###### The initial vector use an SFX executable, who drop a lnk file for the persistence, a vbs file and the docx file for decoys the victim. ![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Israel/APT/Unknown/26-08-19/Images/strings.png "") +###### We can note that the topic of the document only for decoy the victims is about a scandal in the Hamas leaders. +![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Israel/APT/Unknown/26-08-19/Images/content.png "") +###### Here the translation in english of the content of the document. +###### A new scandal for a Hamas leader
In the difficult circumstances of our people in the Gaza Strip, and what the head of the family suffers in order to earn a living, but financial and moral corruption does not end in this stray rogue in the name of religion.
We received leaked news that RA, a Hamas leader in the northern Gaza Strip, was interrogated on charges of financial embezzlement. Investigations show that he has an affair with a girl. As the private source said to us, he was stopped from practicing any political or movement activity after this incident.
Question how long ?????????????????
For more details please email us at the following email.
palemptn@yahoo[.]com +###### We can note too that the email address is valid and invite to send a mail about this event. ###### We can also note the multiples possibilities for push the persistence and options. ![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Israel/APT/Unknown/26-08-19/Images/lnkfile.png "") ###### This execute the vbs file for push the persistence in the startup menu, hide it in changing these attributes and launch the persistence (lnk file)
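Review bot: The added line "We can note too that the email address is valid" asserts validity without saying how or when it was checked, so a reader cannot reproduce or weigh the claim; state the method and date of the check next to it. The translated decoy text is added as a `######` heading, the same level as the analyst commentary before and after it, which makes it hard to see where the quoted document ends and the analysis resumes; putting the translation in a blockquote would separate the two. The new image line also keeps the placeholder `![alt text]` with an empty title; a descriptive alt text for content.png would let the section read correctly when the image does not load.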