thanos | 58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f | Triage

Submit
Reports

Overview

overview

Static

static

58bfb9fa88...1f.exe

windows7_x64

58bfb9fa88...1f.exe

windows10_x64

Sharing

General

Target

58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f
Size

82KB
Sample

200903-c6hj8qcw36
MD5

e01e11dca5e8b08fc8231b1cb6e2048c
SHA1

4983d07f004436caa3f10b38adacbba6a4ede01a
SHA256

58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f
SHA512

298bfb9fe55ddd80f1c6671622d7e9e865899a855b5bb8e0d85d8520160cedca6fd8bc72c9881925477bcab883bf6e6f4c69f997b774b74fe992e023a81269de

Score

10^/10

thanos evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe

Resource

win7v200722

ransomware evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.exe

Resource

win10v200722

evasion persistence ransomware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f
- Size
  
  82KB
- MD5
  
  e01e11dca5e8b08fc8231b1cb6e2048c
- SHA1
  
  4983d07f004436caa3f10b38adacbba6a4ede01a
- SHA256
  
  58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f
- SHA512
  
  298bfb9fe55ddd80f1c6671622d7e9e865899a855b5bb8e0d85d8520160cedca6fd8bc72c9881925477bcab883bf6e6f4c69f997b774b74fe992e023a81269de
Score

10^/10

ransomware evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Windows security modification
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwareevasionpersistencetrojan

behavioral2

evasionpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy