Resubmissions

17-11-2020 12:01

201117-yzjn4s5cdn 10

18-06-2020 04:28

200618-tg948yvz5n 10

General

  • Target

    System.exe

  • Size

    66KB

  • Sample

    201117-yzjn4s5cdn

  • MD5

    8d6ab03994b0ce3466873aa7532fe76b

  • SHA1

    156aecd4d8e65d205181ad5eace466c8798d3c86

  • SHA256

    e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62

  • SHA512

    2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c

Malware Config

Targets

    • Target

      System.exe

    • Size

      66KB

    • MD5

      8d6ab03994b0ce3466873aa7532fe76b

    • SHA1

      156aecd4d8e65d205181ad5eace466c8798d3c86

    • SHA256

      e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62

    • SHA512

      2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c

    • Hakbit

      Ransomware which encrypts files using AES, first seen in November 2019.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Deletes itself

    • Drops startup file

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.