Overview

overview

7

Static

static

Volksbank_...df.exe

windows7-x64

7

Volksbank_...df.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7fbc3839bdeb9654a49fcf022f189e115742275c396664d36ea5c950fe1d295f

  • Size

    118KB

  • Sample

    221124-rgvy1ada2v

  • MD5

    e684ad86b76cd528d13eebd1da2a8af9

  • SHA1

    2a0bcbb5e8a7520c3176522acf75db003a777e4b

  • SHA256

    7fbc3839bdeb9654a49fcf022f189e115742275c396664d36ea5c950fe1d295f

  • SHA512

    386d70ca50c4d40e32e6a817dfdd1c100d6eb89d976271ed723ab2ecb57ac6f2d2cc141e656fe540540d4eb76f1d2a4e25875301f1ea2232aa08744998c0aa79

  • SSDEEP

    3072:2leYB3qT/ye1dN6so3Llk5aAGGUvX+IurWuK6o5yw5pP9m+OHMVEdY:qqT/ye1dNmLeaAGd1uK/z5T5pP9mHVdY

Score
7/10
persistence

Malware Config

Targets

    • Target

      Volksbank_Nr_78412206841_November_2014_03_22_12_38309_bshw_000000-007.pdf.exe

    • Size

      140KB

    • MD5

      112b33bfeb2514bf11b0595c55173b32

    • SHA1

      bde96a6d72babb9d5dea78d98dfa434ab2108624

    • SHA256

      585f86ba3173d7a8560a2e82d6adcc8e3e3772bbaefb3239547b43a6685f21c1

    • SHA512

      eb9a80e201d751740d0992459e1fcd61f3973113ab62c4d0b930dabcb165095492dc7d70ddfe8267c707d1b73df3a0df772c755b2477839a1f754e17be51401b

    • SSDEEP

      3072:sJjzdejzg3KOSD+dN6so3Llk5aAGGUvXaIurWuK6o5yw5pP9m+OnlNEWd/SGv4MC:URejz+KOW+dNmLeaAGdZuK/z5T5pP9mI

    Score
    7/10
    persistence

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks