suncrypt | 3090bff3d16b0b150444c3bfb196229ba0ab0b6b826fa306803de0192beddb80 | Triage

Resubmissions

17-09-2020 15:35

200917-35p4dy1zb6 10

17-09-2020 15:29

200917-77hjbe43r6 3

Sharing

General

Target

3090bff3d16b0b150444c3bfb196229ba0ab0b6b826fa306803de0192beddb80.ps1
Size

1.4MB
Sample

200917-35p4dy1zb6
MD5

d87fcd8d2bf450b0056a151e9a116f72
SHA1

48cb6bdbe092e5a90c778114b2dda43ce3221c9f
SHA256

3090bff3d16b0b150444c3bfb196229ba0ab0b6b826fa306803de0192beddb80
SHA512

61a636aca3d224dcd2ed29ca000cf0ecf88f51ffd7cb5182ea4599c9e889cb74b78824d93c7383457bd6d591506202527d44c6a15c93a9ab9cfc8230faddd04b

Score

10^/10

suncrypt persistence ransomware spyware

Malware Config

Targets

- Target
  
  3090bff3d16b0b150444c3bfb196229ba0ab0b6b826fa306803de0192beddb80.ps1
- Size
  
  1.4MB
- MD5
  
  d87fcd8d2bf450b0056a151e9a116f72
- SHA1
  
  48cb6bdbe092e5a90c778114b2dda43ce3221c9f
- SHA256
  
  3090bff3d16b0b150444c3bfb196229ba0ab0b6b826fa306803de0192beddb80
- SHA512
  
  61a636aca3d224dcd2ed29ca000cf0ecf88f51ffd7cb5182ea4599c9e889cb74b78824d93c7383457bd6d591506202527d44c6a15c93a9ab9cfc8230faddd04b
Score

10^/10

spyware ransomware suncrypt persistence
- SunCrypt Ransomware
  Family which threatens to leak data alongside encrypting files. Has claimed to be collaborating with the Maze ransomware group.
  ransomware suncrypt
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywareransomwaresuncryptpersistence

behavioral2

spywareransomwaresuncryptpersistence