Overview

overview

9

Static

static

IRSdeclara...od.exe

windows7_x64

9

IRSdeclara...od.exe

windows10_x64

9

Resubmissions

15-10-2020 13:59

201015-d11m2zjdgs 10

13-03-2020 03:32

200313-8w7dt2yb5n 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IRSdeclaration‮cod.exe

  • Size

    282KB

  • Sample

    200313-8w7dt2yb5n

  • MD5

    fe3fd53ddc7c229b1150d970a05947c0

  • SHA1

    3abeddbbbd29310290955cc7c1a895550c92ab96

  • SHA256

    c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72

  • SHA512

    8b94e67f48f90d7a0e463a7623ba6f87a5f4108f33587c8f579f29aa3c9b0a22f7e134470824d25dccb552bfc868b18cd3f05ef09aaceef2bab6984c21f203b4

Score
9/10
persistenceransomware

Malware Config

Targets

    • Target

      IRSdeclaration‮cod.exe

    • Size

      282KB

    • MD5

      fe3fd53ddc7c229b1150d970a05947c0

    • SHA1

      3abeddbbbd29310290955cc7c1a895550c92ab96

    • SHA256

      c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72

    • SHA512

      8b94e67f48f90d7a0e463a7623ba6f87a5f4108f33587c8f579f29aa3c9b0a22f7e134470824d25dccb552bfc868b18cd3f05ef09aaceef2bab6984c21f203b4

    Score
    9/10
    ransomwarepersistence

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Deletes itself

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks