General
Target: 4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
Size: 423KB
Sample: 201109-jzbbrsex6s
MD5: 055c2fba242d03ae153be4a796c55ae2
SHA1: be71b94e30d5465d8b72e1fc7c0137024f97baee
SHA256: 4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
SHA512: 20b31f6db488d26c1f7564106e455a77461e8a9934718e72c6c917e3ec688a9a597a05f1b93584fd88d3e867f09a470eb90094e27c2525939894973d31498890
Static task: static1
Behavioral task: behavioral1
Sample: 4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024.exe
Resource: win10v20201028
Malware Config
Extracted
Ransom note path: C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
Family: hakbit
Contact email: daaaataaaaa@protonmail.com
Bitcoin wallet: 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9
Targets
Target: 4984825fb21206a2f2df5d2c84794f0ac4edea3c48d32e9284338d7082d55024
Score: 10/10
Signatures
- Disables Task Manager via registry modification
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Modifies service
MITRE ATT&CK Matrix
Collection: Data from Local System (1)
Credential Access: Credentials in Files (1)
Discovery: Query Registry (1), System Information Discovery (1), Peripheral Device Discovery (1)
Command and Control, Execution, Exfiltration, Initial Access, Lateral Movement, Privilege Escalation: no techniques recorded