12832c77ab36fd57531bb00e0bcacc87ae1e44f54d26192b45c11c2791a3897a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12832c77ab36fd57531bb00e0bcacc87ae1e44f54d26192b45c11c2791a3897a
Size

126KB
Sample

221124-fd1jjadb51
MD5

4e24ff0cfff798034b9a64b4816ba9f8
SHA1

43beb46dfaecf80166b7f4f862a14de683e444e2
SHA256

12832c77ab36fd57531bb00e0bcacc87ae1e44f54d26192b45c11c2791a3897a
SHA512

9ff3278385d20b9347c45f87b698f921c4a8f4f8a54ee08a4a48cb501a06756b42a7ef1c5765382cbe9f063fefb07e27cee53ddc28c50ea16777906c744dfb31
SSDEEP

3072:YTE32P0xKLBStd3jUQdW66THeOO16ogZrss1IyLXfgQhS:YT3PgyBqz14TE6dZrbI6vhS

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  volksbank_de_transaktions_id_000023928001_2014_11_0000390382755_00003997550002.exe
- Size
  
  176KB
- MD5
  
  5095f22cbdd7c59303fb7d670c97afa5
- SHA1
  
  35712036e76c5215b512f9ddb73321617387a98c
- SHA256
  
  79e4ffae8c0d0abd80d090d5f3465855b25955509e78d0ced3eab4cfa6d43015
- SHA512
  
  9c4815c773a1b57c1178056fec3063894869b51af02cca52baf94a8ee1644d90a2b7444951979f15ecf90f718ad920353cf21927e754158580e479ea5106c0fc
- SSDEEP
  
  3072:5KzHNmI+9MEJRuOmz1C+cSQStd3jUQdW6OTHeOO16ogZrssN6wc+ga0Mhze:5qHByNJGBC+Cqz14TE6dZr5PQ
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2