Resubmissions

17-11-2020 12:01

201117-yzjn4s5cdn 10

18-06-2020 04:28

200618-tg948yvz5n 10

General

  • Target

    System.exe

  • Size

    66KB

  • Sample

    200618-tg948yvz5n

  • MD5

    8d6ab03994b0ce3466873aa7532fe76b

  • SHA1

    156aecd4d8e65d205181ad5eace466c8798d3c86

  • SHA256

    e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62

  • SHA512

    2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c

Malware Config

Targets

    • Hakbit

      Ransomware which encrypts files using AES, first seen in November 2019.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Deletes itself

    • Drops startup file

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Modifies WinLogon

    • Modifies service

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Execution

  • Exfiltration

  • Initial Access

  • Lateral Movement

  • Privilege Escalation
