t1happy | 84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b | Triage

Submit
Reports

Overview

overview

Static

static

84c88686a5...7b.exe

windows7_x64

84c88686a5...7b.exe

windows10_x64

Sharing

General

Target

84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b.exe
Size

34KB
Sample

200420-k5a1rczmbj
MD5

fcf5c8e8a180c66e15ea22128dd0adfb
SHA1

d4f0c114ffe12e343739fb837d24dc31dfab985c
SHA256

84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b
SHA512

f06645c73bfc87061c4561b8cacb6c782493e5d39cd29971d71b0c38578296b81f9c2b54ca0415e15e5fd49755b7fa612f244b9e68fe8f21fc9db60c5f89b2e9

Score

10^/10

t1happy persistence ransomware spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b.exe

Resource

win7v200410

persistence trojan ransomware t1happy spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b.exe

Resource

win10v200410

spyware trojan ransomware t1happy persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b.exe
- Size
  
  34KB
- MD5
  
  fcf5c8e8a180c66e15ea22128dd0adfb
- SHA1
  
  d4f0c114ffe12e343739fb837d24dc31dfab985c
- SHA256
  
  84c88686a52f325a239aec45635ec9adc85bfabcb9888658eecbca1bd9757a7b
- SHA512
  
  f06645c73bfc87061c4561b8cacb6c782493e5d39cd29971d71b0c38578296b81f9c2b54ca0415e15e5fd49755b7fa612f244b9e68fe8f21fc9db60c5f89b2e9
Score

10^/10

persistence trojan ransomware t1happy spyware
- T1Happy
  T1Happy ransomware is a cryptovirus that behaves different than its counterparts.
  trojan ransomware t1happy
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistencetrojanransomwaret1happyspyware

behavioral2

spywaretrojanransomwaret1happypersistence

© 2018-2024

Terms | Privacy