Overview

overview

7

Static

static

online_tra...28.exe

windows7-x64

7

online_tra...28.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    531a10933b40b0afc170ac5317b7a8997135b4fc692b030588633cc8f08d7668

  • Size

    126KB

  • Sample

    221124-ey8j7sca8y

  • MD5

    2d03a6df0fb38080690944299725aa9f

  • SHA1

    4d06cb11652ab18c7ab1ea94923ff590fb455a00

  • SHA256

    531a10933b40b0afc170ac5317b7a8997135b4fc692b030588633cc8f08d7668

  • SHA512

    77df1a8ab7e82db4d1b0b041d2ba55db35ac6f1f6dd79b56276f9ed6283577cb91838563cc4b82c380194a54ad85c24331406cfb0927273a44a267d2ece98164

  • SSDEEP

    3072:C/S5UHg3D/FogdLgLi2ikZyYbmlpSchjDecOXXf1V9cfGg:CfuE7Zy9h2/HVcfGg

Score
7/10
persistence

Malware Config

Targets

    • Target

      online_transaktions_11_2014_0939380001_12987384_93_39_003_365_9388347_00111_02000028.exe

    • Size

      168KB

    • MD5

      96a7cae09e4fe1046e056e6e21013b2e

    • SHA1

      082ab3ae77fd10fb6f0f00764fb6dd47fc126f0e

    • SHA256

      5c3b6bb6440d47a0ae66c72c298a56dab4b3f4dcda117e8df649f6915def0131

    • SHA512

      c1632233d901c03da1ed45b7c24856e291f79d7162ae37ec4633346b4dbc0e57b74484ea8f289a3427a2637d74f3dda84bf5e3484611d358df033a674fde1f03

    • SSDEEP

      3072:nVmADgh6x5y7FuW3jLi2ikZSYbmlpSchjDeL8lOW+9d+zr3/1C:nVAh65pW3Z7ZS9h2LjOM

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks