General

  • Target

    2024-04-28_f826928418350daed0959b6fe5837208_bkransomware

  • Size

    11.8MB

  • Sample

    240428-l6rd8adc54

  • MD5

    f826928418350daed0959b6fe5837208

  • SHA1

    5a56cdc748dfb2ba91859f47e7e105ac36fe4654

  • SHA256

    4793380fe37d83f037465b6af4f0d3505679aab76ebe919e49e7eb2a43ec4f2c

  • SHA512

    b7df8ceb0a66bcace5c5d912c19528c25a9742d956b7744fd733adeccb1d48fa22d7d5f60030356384e435cdb8cdd75e1523afd54707792107a728a1ac0b8f88

  • SSDEEP

    196608:h+cpkunept7RjSs9B3XpknY7RU1v5mifvMx3hhF3h8TtHeEGCnhGMwL/drW:h+cpzneprzjZr8pfwdaBevMwL/JW

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)

Credential Access

  • T1552 Unsecured Credentials (1)

  • T1552.001 Credentials In Files (1)

Discovery

  • T1082 System Information Discovery (1)

Collection

  • T1005 Data from Local System (1)