Overview

overview

7

Static

static

volksbank_...02.exe

windows7-x64

7

volksbank_...02.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8794b0b97210e47d0dddd24f0f1a258fe1c7d0843ab931dccabb12abe7aca0ee

  • Size

    146KB

  • Sample

    221124-l4s52afe49

  • MD5

    57f6967ffcdb34c2b480df31313742ac

  • SHA1

    f1731779e63200efcf73fe52eae71649973dd5ce

  • SHA256

    8794b0b97210e47d0dddd24f0f1a258fe1c7d0843ab931dccabb12abe7aca0ee

  • SHA512

    253b1d1f883d1122b17cf5e4c4e845517130ffb0b19c2e338fb0b9af1890cefb388bb5a4f7a2bdbb6e68163c65b1bd79d83c629a41c84914649a88afb39d3dc6

  • SSDEEP

    3072:JzcFkb1ZEVeXmM1T2O/9iU1m6djGxQpGxINS9rmHg32lYmlVGGyCG:JQKEoXmM1T2O/fn9vc80rmA3KYmlVGGi

Score
7/10
persistence

Malware Config

Targets

    • Target

      volksbank_de_transaktions_id_000023928001_2014_11_0000390382755_00003997550002.exe

    • Size

      176KB

    • MD5

      26599a5d851894bac450a5529f779960

    • SHA1

      86ad307147dcc84a84433c6728444f8f36e7a1e8

    • SHA256

      5375bce7f7d28f834652064ba8c6f41864f3e1fef385aa093a14cf00165976de

    • SHA512

      87a354060184dc12c9ee156e863cf62ebb95bb3557c75851c987cf3889f7445ccf2e1c9b93ceb6a1bc74ae5fcf03d60b3a8b93cf112f1586a5a033b1a4b6199b

    • SSDEEP

      3072:K1tv0jMkCL5x8KxMFS/71d0u6O6DZxwWpPcrKxCtxQ/LgM8rPp0j0:KTCEXz/7D0u6RlxRPk8P8r+I

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks