hiddentear | 53fd929034ec71904be8ef06d4c42f2467997f16364431cb3e46a24d82bdaf6f | Triage

Submit
Reports

Overview

overview

Static

static

software-l...r8.exe

windows7_x64

software-l...r8.exe

windows10_x64

Sharing

General

Target

software-launcher8
Size

338KB
Sample

200903-lr21ndnvna
MD5

26cae6fdb074d2e30002351c40aa2b58
SHA1

315dfcb400f3fb36220a91fd9f8b9200366eca56
SHA256

53fd929034ec71904be8ef06d4c42f2467997f16364431cb3e46a24d82bdaf6f
SHA512

d00c0e9a3a5fb93f45b7ddf176fda720ccc6e23dbb0615c63222bdacce2c7f15cb8821488141bf5d4452c4a015f0b6704ce2beda4910a4e8509576fc04425b94

Score

10^/10

hiddentear ransomware

Static task

static1

Behavioral task

behavioral1

Sample

software-launcher8.exe

Resource

win7

ransomware hiddentear

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

software-launcher8.exe

Resource

win10

ransomware hiddentear

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  software-launcher8
- Size
  
  338KB
- MD5
  
  26cae6fdb074d2e30002351c40aa2b58
- SHA1
  
  315dfcb400f3fb36220a91fd9f8b9200366eca56
- SHA256
  
  53fd929034ec71904be8ef06d4c42f2467997f16364431cb3e46a24d82bdaf6f
- SHA512
  
  d00c0e9a3a5fb93f45b7ddf176fda720ccc6e23dbb0615c63222bdacce2c7f15cb8821488141bf5d4452c4a015f0b6704ce2beda4910a4e8509576fc04425b94
Score

10^/10

ransomware hiddentear
- HiddenTear Ransomware
  Open-Source ransomware available on Github since 2015, with many versions in the wild.
  ransomware hiddentear
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarehiddentear

behavioral2

ransomwarehiddentear

© 2018-2024

Terms | Privacy