Overview

overview

10

Static

static

6

PIC180168.jpg.js

windows7_x64

10

PIC180168.jpg.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PIC180168.jpg.js.zip

  • Size

    36KB

  • Sample

    200708-nfdqb6kple

  • MD5

    f088fd07a3be8103e0f88ce2c0a380ee

  • SHA1

    9a527bca8086ead97ce375fc983e0066675930d1

  • SHA256

    508ecbe94c4c220f37d3515787221daaa0e897f9b728082c72be80fe355b5ea8

  • SHA512

    be04b1836b442681800cd42eda3026ab5508b7c66ec77c3fe3162e5ca0de2126268bca1f2aa5fc2abf3113a91e0257eeec3518868d49a93301d8c761a9cf86d4

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://217.8.117.63/tspm.exe

Targets

    • Target

      PIC180168.jpg.js

    • Size

      253KB

    • MD5

      2c0a6e6f385e471bdb870a723e33cc4d

    • SHA1

      07415191a13e6943eb2e0f41bdf6cf7acfa70156

    • SHA256

      6389e3c49b6f4009ca0f1631436d481065a3b3cfab7a15a073edbb61dd971c73

    • SHA512

      39ca7bbd702a4aede2f57406d57cf1e7a05128e2723372fe084e7db9bf69594fe904cfd5d6f6a92d4b95fda9edd575d10977a9f8b52ae526fbf19fc204746048

    Score
    10/10
    persistenceevasiontrojanransomware

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Enumerates connected drives

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks