maze | dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13 | Triage

Sharing

General

Target

dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13.bin.dll
Size

351KB
Sample

200824-l3fj1tesns
MD5

d52a2deeb2043e99d02fe19538991c38
SHA1

e9c7b92d3ff73b682ef23caf94ea0903ea095268
SHA256

dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13
SHA512

efedb8fd9614e15ce563ae9768a7b895f928974a606faa8225fd03e5aa5eb65d0c509fd664f8ff6214b30b0f0ac9ad0080ce207eeef032badee2f87ec3472ab2

Score

10^/10

maze persistence ransomware spyware trojan

Malware Config

Targets

- Target
  
  dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13.bin.dll
- Size
  
  351KB
- MD5
  
  d52a2deeb2043e99d02fe19538991c38
- SHA1
  
  e9c7b92d3ff73b682ef23caf94ea0903ea095268
- SHA256
  
  dc0266804bd2bfc83109152fef734d54f7a7d0c09487096a368ae45518d2ca13
- SHA512
  
  efedb8fd9614e15ce563ae9768a7b895f928974a606faa8225fd03e5aa5eb65d0c509fd664f8ff6214b30b0f0ac9ad0080ce207eeef032badee2f87ec3472ab2
Score

10^/10

spyware persistence trojan ransomware maze
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

spywarepersistencetrojanransomwaremaze

behavioral2