3d09aa1414bbacbfb9c1b5b602d13f2ce8861d1cbb506f0afb092bf21feb5580 | Triage

Sharing

General

Target

Wincale.exe
Size

155KB
Sample

240904-vqqmesvfqg
MD5

b98c92f8a1b5967e47e783382bd5aa85
SHA1

da98dab852c4a557bcd4d885496db302af74a3fa
SHA256

3d09aa1414bbacbfb9c1b5b602d13f2ce8861d1cbb506f0afb092bf21feb5580
SHA512

ce8590e1dd1877c773f4597c8a64d08e5e145354a6e770ebd9a76f829673842df96630d05154ac74da2263795d69679af66b8ccf2bb0680efb6b808e615344db
SSDEEP

3072:TahKyd2n31G5GWp1icKAArDZz4N9GhbkrNEkYqxk:TahO+p0yN90QE7

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  Wincale.exe
- Size
  
  155KB
- MD5
  
  b98c92f8a1b5967e47e783382bd5aa85
- SHA1
  
  da98dab852c4a557bcd4d885496db302af74a3fa
- SHA256
  
  3d09aa1414bbacbfb9c1b5b602d13f2ce8861d1cbb506f0afb092bf21feb5580
- SHA512
  
  ce8590e1dd1877c773f4597c8a64d08e5e145354a6e770ebd9a76f829673842df96630d05154ac74da2263795d69679af66b8ccf2bb0680efb6b808e615344db
- SSDEEP
  
  3072:TahKyd2n31G5GWp1icKAArDZz4N9GhbkrNEkYqxk:TahO+p0yN90QE7
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1