2a3ca8139da9d1826ce299f016b6b63935b4f77db21a26d1d20fd0be3e5f03c6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a3ca8139da9d1826ce299f016b6b63935b4f77db21a26d1d20fd0be3e5f03c6
Size

122KB
Sample

221125-wc83aada87
MD5

4f943735c43fab891cc086aa300fb4cf
SHA1

213184bd6e255e3e1972ee59ee02bf90e83040f9
SHA256

2a3ca8139da9d1826ce299f016b6b63935b4f77db21a26d1d20fd0be3e5f03c6
SHA512

c5ba029ca73a6e6af5c8ac3e68390f3e7cd5934d5efd78692f28d7ccd07b9b2753328631fd283fbfd237d8cfb55dbab69cb7c1235e87692325c9bce76b5cb8bf
SSDEEP

3072:APn83pkNSmCCLsLe5z0psVFMewD0fj7ifYqTgQgb:AP8pkNSEsLOFMlD0fj7ighTb

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  volksbank_de_transaktions_id_000023928001_2014_11_0000390382755_00003997550002.exe
- Size
  
  148KB
- MD5
  
  447ea8f436208e24a8421e311a27bca2
- SHA1
  
  f1f93934579b8c17aa7b798072ff8944fb3bb3ad
- SHA256
  
  eb69817b4d0655fea46edd195bdd378200ff7182c16b36319190bdde5402c25f
- SHA512
  
  06f4aed8bcd558e11d0449fc097224fff0996417fcbe9e4f8a771ffbfa73f42010f731046eda6bcb8d4822b032951f5d71af2f4258cf1c99490e81bc2daebd47
- SSDEEP
  
  3072:WPIa4nO50c6fPDJCLsLe5z0rsVFMewD0fjhStoWe:WP34nO5k6sLcFMlD0fjhSyn
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2