0af4849de31d38e32a4f913261867aeb75517058e5db9e94f7dd7ed8f1c790a0 | Triage

Sharing

General

Target

0af4849de31d38e32a4f913261867aeb75517058e5db9e94f7dd7ed8f1c790a0
Size

122KB
Sample

221125-wdcqgada93
MD5

695685fff3699dac4ad02508a41fc3f1
SHA1

e307349e2f35104b6594501b74437129bfc0fb74
SHA256

0af4849de31d38e32a4f913261867aeb75517058e5db9e94f7dd7ed8f1c790a0
SHA512

b6f8ea5c064d699ac4dbe7cf3361708a1eb409e994d3ab1fd72cae715845b2508fb117f37bcd13ae1b75a27efc7e2731672d1204235cc4662dc86d379cb35e30
SSDEEP

3072:kPn83pkNSmCCLsLe5z0psVFMewD0fj7ifYqTgQkb:kP8pkNSEsLOFMlD0fj7ighvb

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  volksbank_de_transaktions_id_000023928001_2014_11_0000390382755_00003997550002.exe
- Size
  
  148KB
- MD5
  
  447ea8f436208e24a8421e311a27bca2
- SHA1
  
  f1f93934579b8c17aa7b798072ff8944fb3bb3ad
- SHA256
  
  eb69817b4d0655fea46edd195bdd378200ff7182c16b36319190bdde5402c25f
- SHA512
  
  06f4aed8bcd558e11d0449fc097224fff0996417fcbe9e4f8a771ffbfa73f42010f731046eda6bcb8d4822b032951f5d71af2f4258cf1c99490e81bc2daebd47
- SSDEEP
  
  3072:WPIa4nO50c6fPDJCLsLe5z0rsVFMewD0fjhStoWe:WP34nO5k6sLcFMlD0fjhSyn
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2