Overview

overview

8

Static

static

bdb77b2f35...in.exe

windows7_x64

bdb77b2f35...in.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d27264a659cc593d5c936a36942835450b97aacf12b7b1673dc1afc01b420ef.zip

  • Size

    6KB

  • Sample

    200907-ynlxad5wgj

  • MD5

    6435b4b22e01578da4c49d3c1df9907e

  • SHA1

    eedbb328487b89d6c954bba025e3b5a99bb948d0

  • SHA256

    3967b6142d993dc3f9e2c85a1a65c0db56c612362789e42a92872789e2ad54cd

  • SHA512

    4333cb7f355e931e5254633802b1d4dc6657718734de2a29c062eba1db3fc8ff12eaf8f6433f65798ac6b4eb1c3ab639d35462891af8d8edf86595bbfd6d26e8

Score
8/10
bootkitpersistenceransomware

Malware Config

Targets

    • Target

      bdb77b2f35c0f3e79853ea7f8bdf5b29.in

    • Size

      14KB

    • MD5

      bdb77b2f35c0f3e79853ea7f8bdf5b29

    • SHA1

      72de04ee453d053c98ee3047574b0cf6c23b0d33

    • SHA256

      4d27264a659cc593d5c936a36942835450b97aacf12b7b1673dc1afc01b420ef

    • SHA512

      c2bb90612d76c3f572c1c62c9ecb1abf9581aebfcf07f459ad79bc7910480e6f5628af8f1deed54162ad070d759b2f237cadd2ce17c21318f275e8793d06ae74

    Score
    8/10
    persistenceransomwarebootkit

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks