Overview

overview

10

Static

static

ฺฺฺK...ฺฺ

windows10_x64

10

ฺฺฺK...ฺฺ

windows7_x64

10

Resubmissions

17-11-2020 12:01

201117-yzjn4s5cdn 10

18-06-2020 04:28

200618-tg948yvz5n 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    System.exe

  • Size

    66KB

  • Sample

    201117-yzjn4s5cdn

  • MD5

    8d6ab03994b0ce3466873aa7532fe76b

  • SHA1

    156aecd4d8e65d205181ad5eace466c8798d3c86

  • SHA256

    e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62

  • SHA512

    2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c

Score
10/10
hakbitdiscoverypersistenceransomwarespyware

Malware Config

Targets

    • Target

      System.exe

    • Size

      66KB

    • MD5

      8d6ab03994b0ce3466873aa7532fe76b

    • SHA1

      156aecd4d8e65d205181ad5eace466c8798d3c86

    • SHA256

      e5242266d9fc1e27e583a920ff6b9ff445c0942793ed80a92d5c5b6792d25f62

    • SHA512

      2c1df9fb201b4a750378dfa7029755239167efa51ae4ddc9c5042218a1d01c3bf5557c09faeda4f3f68818082a6f95526d5776d432b5b6774ae2c1c90dc7a84c

    Score
    10/10
    hakbitdiscoverypersistenceransomwarespyware

    • Hakbit

      Ransomware which encrypts files using AES, first seen in November 2019.

      ransomwarehakbit

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Deletes itself

    • Drops startup file

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks