hakbit | e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62 | Triage

Submit
Reports

Overview

overview

Static

static

System.exe

windows7_x64

System.exe

windows10_x64

Resubmissions

17-11-2020 12:01

201117-yzjn4s5cdn 10

18-06-2020 04:28

200618-tg948yvz5n 10

Sharing

General

Target

System.exe
Size

66KB
Sample

200618-tg948yvz5n
MD5

8d6ab03994b0ce3466873aa7532fe76b
SHA1

156aecd4d8e65d205181ad5eace466c8798d3c86
SHA256

e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62
SHA512

2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c

Score

10^/10

hakbit discovery persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

System.exe

Resource

win7v200430

ransomware hakbit spyware discovery persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

System.exe

Resource

win10

persistence discovery spyware ransomware hakbit

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  System.exe
- Size
  
  66KB
- MD5
  
  8d6ab03994b0ce3466873aa7532fe76b
- SHA1
  
  156aecd4d8e65d205181ad5eace466c8798d3c86
- SHA256
  
  e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62
- SHA512
  
  2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c
Score

10^/10

ransomware hakbit spyware discovery persistence
- Hakbit
  Ransomware which encrypts files using AES, first seen in November 2019.
  ransomware hakbit
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Deletes itself
- Drops startup file
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Modifies WinLogon
  persistence
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarehakbitspywarediscoverypersistence

behavioral2

persistencediscoveryspywareransomwarehakbit

© 2018-2024

Terms | Privacy