Overview

overview

9

Static

static

de8a4978d6...2e.exe

windows7_x64

9

de8a4978d6...2e.exe

windows10_x64

9

Resubmissions

24/10/2022, 14:59

221024-sczbashcfl 10

02/06/2020, 00:13

200602-s5zbncbaen 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e.exe

  • Size

    6.0MB

  • Sample

    200602-s5zbncbaen

  • MD5

    df472f90c33e6c341a74fe1ca29dac70

  • SHA1

    d7512488de06b677751014bdc48302c179542558

  • SHA256

    de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e

  • SHA512

    4257e88d9c6f5eec59d1da6749c386b3859be04159ec37aba2adb3704e5f2ce11ef3adfb086b86d1bea03db300e1d82cab08f266cf6fae4d8f929e71918ddcf9

Score
9/10
discoveryevasionpersistenceransomwarespyware

Malware Config

Targets

    • Target

      de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e.exe

    • Size

      6.0MB

    • MD5

      df472f90c33e6c341a74fe1ca29dac70

    • SHA1

      d7512488de06b677751014bdc48302c179542558

    • SHA256

      de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e

    • SHA512

      4257e88d9c6f5eec59d1da6749c386b3859be04159ec37aba2adb3704e5f2ce11ef3adfb086b86d1bea03db300e1d82cab08f266cf6fae4d8f929e71918ddcf9

    Score
    9/10
    persistenceevasionspywareransomwarediscovery

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Drops startup file

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Modifies service

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks