Resubmissions

15-10-2020 13:59

201015-d11m2zjdgs 10

13-03-2020 03:32

200313-8w7dt2yb5n 9

General

  • Target

    IRSdeclaration‮cod.exe

  • Size

    282KB

  • Sample

    200313-8w7dt2yb5n

  • MD5

    fe3fd53ddc7c229b1150d970a05947c0

  • SHA1

    3abeddbbbd29310290955cc7c1a895550c92ab96

  • SHA256

    c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72

  • SHA512

    8b94e67f48f90d7a0e463a7623ba6f87a5f4108f33587c8f579f29aa3c9b0a22f7e134470824d25dccb552bfc868b18cd3f05ef09aaceef2bab6984c21f203b4

Malware Config

Targets

    • Target

      IRSdeclaration‮cod.exe

    • Size

      282KB

    • MD5

      fe3fd53ddc7c229b1150d970a05947c0

    • SHA1

      3abeddbbbd29310290955cc7c1a895550c92ab96

    • SHA256

      c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72

    • SHA512

      8b94e67f48f90d7a0e463a7623ba6f87a5f4108f33587c8f579f29aa3c9b0a22f7e134470824d25dccb552bfc868b18cd3f05ef09aaceef2bab6984c21f203b4

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Deletes itself

    • Modifies service

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Impact

Inhibit System Recovery

2
T1490

Tasks