1d28929f9b02c36ab2c65f916eb2d3b4bd36957c1dee8144a70d51d99d1da9d8 | Triage

Submit
Reports

Overview

overview

8

Static

static

ransomware

windows7_x64

8

Resubmissions

14/06/2020, 05:31

200614-naxxd61ea6 8

Sharing

General

Target

github.exe
Size

26KB
Sample

200614-naxxd61ea6
MD5

bdd14abd6825eb1c3c4b1c71d65a637c
SHA1

a88c9f6cf48c95356a8bc339ef64497127f881a9
SHA256

1d28929f9b02c36ab2c65f916eb2d3b4bd36957c1dee8144a70d51d99d1da9d8
SHA512

8e22bc72091af2e3a931d06bb6fa2e106618784379dd9ea988654c34232104533a50b2e0125650585424a94fa2d4cdf54590ffdbc0c4d66b57a3b647a4e77eb3

Score

8^/10

evasion persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

github.exe

Resource

win7v200430

persistence spyware evasion trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  github.exe
- Size
  
  26KB
- MD5
  
  bdd14abd6825eb1c3c4b1c71d65a637c
- SHA1
  
  a88c9f6cf48c95356a8bc339ef64497127f881a9
- SHA256
  
  1d28929f9b02c36ab2c65f916eb2d3b4bd36957c1dee8144a70d51d99d1da9d8
- SHA512
  
  8e22bc72091af2e3a931d06bb6fa2e106618784379dd9ea988654c34232104533a50b2e0125650585424a94fa2d4cdf54590ffdbc0c4d66b57a3b647a4e77eb3
Score

8^/10

persistence spyware evasion trojan
- Drops file in Drivers directory
- Modifies Installed Components in the registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywareevasiontrojan

© 2018-2025

Terms | Privacy