e1053b57c0f80deabf600c133ce6a29ddc1bffd6d5ae275d28af24fe735f127c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1053b57c0f80deabf600c133ce6a29ddc1bffd6d5ae275d28af24fe735f127c
Size

126KB
Sample

221124-fd6qjsdb7s
MD5

a1e6d70aaca7cce1775068dc4fa19d9d
SHA1

247481e026d7721bd3747021a2a35a8e6c57805f
SHA256

e1053b57c0f80deabf600c133ce6a29ddc1bffd6d5ae275d28af24fe735f127c
SHA512

463495f619d6dc66e2e133ea679eacfe8dc4ea25944802b671dc212ded0135a12127b188f2be4cc21741a62e0be3875ecc66f95f44c15807b0a1045682f7cebc
SSDEEP

3072:tHP9RhvRq/61Std3jUQdW6+THeOO16ogZrsskIyLXfgQMR:tH1Rrq/qqz10TE6dZraI6vMR

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  volksbank_de_transaktions_id_000023928001_2014_11_0000390382755_00003997550002.exe
- Size
  
  176KB
- MD5
  
  5a6d83bad40fd930a022e83d6b908ec5
- SHA1
  
  9ede609f261ac75f4ebbcdd992f60413d9321e18
- SHA256
  
  090aa6b68e11119bd7ebd642031d6dae71d0339ada5fe92e336b0fefa24d4eed
- SHA512
  
  efa7f252dd73c944d1ff98cf3cbb91f921c6cb4afa69de5685450150def8a62dd2977b2be10341370c0cad001a8595c5dce2b5268229cbbf3733af83ce580014
- SSDEEP
  
  3072:RKzHNmI+oMEJRWOmz1C+cSQStd3jUQdW6OTHeOO16ogZrssN6wc+ga0Mhze:RqHBTNJuBC+Cqz14TE6dZr5PQ
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2