General
-
Target
2.exe
-
Size
219KB
-
Sample
200708-hsgsxedxza
-
MD5
5116860b5832dd3e91b6a448710ec54b
-
SHA1
a38d794fe7f1d8a30019f2821fce98eac545c38b
-
SHA256
57eab146f612a387a6d0db7073f200742634a31cc78dda6f59cfdc8996ddca4a
-
SHA512
8303be2165838ca4f3496e47346e497af68ab0a664d2a17a4c0d9fdfbfc5f29e8e3984507d4c01bf09ae4875345f79bc0efc733dfde4834cb6d147d3e215d28b
Static task
static1
Behavioral task
behavioral1
Sample
2.exe
Resource
win7
Behavioral task
behavioral2
Sample
2.exe
Resource
win10v200430
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\readme-warning.txt
makop
akzhq00705@protonmail.com
Targets
-
-
Target
2.exe
-
Size
219KB
-
MD5
5116860b5832dd3e91b6a448710ec54b
-
SHA1
a38d794fe7f1d8a30019f2821fce98eac545c38b
-
SHA256
57eab146f612a387a6d0db7073f200742634a31cc78dda6f59cfdc8996ddca4a
-
SHA512
8303be2165838ca4f3496e47346e497af68ab0a664d2a17a4c0d9fdfbfc5f29e8e3984507d4c01bf09ae4875345f79bc0efc733dfde4834cb6d147d3e215d28b
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes system backup catalog
Ransomware often tries to delete backup files to inhibit system recovery.
-
Modifies Installed Components in the registry
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies service
-