83f8eab566ff9409a06a3dcd4fcd7c634c73740a5595e84e47c389f6a1a6a617 | Triage

Sharing

General

Target

26ebdda500de80766d1d4d080d608d6e3ee48a78401c1084f0c2399f1605c7c2.zip
Size

673KB
Sample

200614-h94t4jhstn
MD5

0e36b5951d087292b7433765e7b36c63
SHA1

8d164a88f95a0281879a3e3aa6584380a0d832e5
SHA256

83f8eab566ff9409a06a3dcd4fcd7c634c73740a5595e84e47c389f6a1a6a617
SHA512

707d6468c8849402d5284a87e5ba52750b9b28d63dfaf9c5687ce7e6eafa569cec5bc64ec2acce949f288ff6d58f714609b832e7725fd68728bf67ab42acc824

Score

8^/10

bootkit evasion ransomware spyware trojan

Malware Config

Targets

- Target
  
  26ebdda500de80766d1d4d080d608d6e3ee48a78401c1084f0c2399f1605c7c2
- Size
  
  2.3MB
- MD5
  
  2bf8e0f5e1a64f12b61bbaf128f7bab2
- SHA1
  
  29295711239ccc21fcd21e95c0ce5f4f3a436490
- SHA256
  
  26ebdda500de80766d1d4d080d608d6e3ee48a78401c1084f0c2399f1605c7c2
- SHA512
  
  f11573aebae4745b298d25d863ecf28ce2bb0d13275fdf98b568be5b79e5e1941426f0e289d6553cab475a96e16221da70c6649f3c7ae1a45ed4d63eedcc5d2b
Score

8^/10

ransomware bootkit evasion spyware trojan
- Disables Task Manager via registry modification
  evasion
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Modifies system certificate store
  evasion spyware trojan
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

ransomwarebootkitevasionspywaretrojan

behavioral2

evasionransomwarebootkit