hiddentear | 53fd929034ec71904be8ef06d4c42f2467997f16364431cb3e46a24d82bdaf6f | Triage

Submit
Reports

Overview

overview

Static

static

software-l...r8.exe

windows7_x64

software-l...r8.exe

windows10_x64

Sharing

General

Target

software-launcher8
Size

338KB
Sample

200903-lr21ndnvna
MD5

26cae6fdb074d2e30002351c40aa2b58
SHA1

315dfcb400f3fb36220a91fd9f8b9200366eca56
SHA256

53fd929034ec71904be8ef06d4c42f2467997f16364431cb3e46a24d82bdaf6f
SHA512

d00c0e9a3a5fb93f45b7ddf176fda720ccc6e23dbb0615c63222bdacce2c7f15cb8821488141bf5d4452c4a015f0b6704ce2beda4910a4e8509576fc04425b94

Score

10^/10

hiddentear ransomware

Static task

static1

Behavioral task

behavioral1

Sample

software-launcher8.exe

Resource

win7

ransomware hiddentear

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

software-launcher8.exe

Resource

win10

ransomware hiddentear

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  software-launcher8
- Size
  
  338KB
- MD5
  
  26cae6fdb074d2e30002351c40aa2b58
- SHA1
  
  315dfcb400f3fb36220a91fd9f8b9200366eca56
- SHA256
  
  53fd929034ec71904be8ef06d4c42f2467997f16364431cb3e46a24d82bdaf6f
- SHA512
  
  d00c0e9a3a5fb93f45b7ddf176fda720ccc6e23dbb0615c63222bdacce2c7f15cb8821488141bf5d4452c4a015f0b6704ce2beda4910a4e8509576fc04425b94
Score

10^/10

ransomware hiddentear
- HiddenTear Ransomware
  Open-Source ransomware available on Github since 2015, with many versions in the wild.
  ransomware hiddentear
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwarehiddentear

behavioral2

ransomwarehiddentear

© 2018-2024

Terms | Privacy