Overview

overview

9

Static

static

de8a4978d6...in.exe

windows7_x64

9

de8a4978d6...in.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e.bin

  • Size

    6.0MB

  • Sample

    201118-msrl4mhev6

  • MD5

    df472f90c33e6c341a74fe1ca29dac70

  • SHA1

    d7512488de06b677751014bdc48302c179542558

  • SHA256

    de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e

  • SHA512

    4257e88d9c6f5eec59d1da6749c386b3859be04159ec37aba2adb3704e5f2ce11ef3adfb086b86d1bea03db300e1d82cab08f266cf6fae4d8f929e71918ddcf9

Score
9/10
discoveryevasionpersistenceransomwarespyware

Malware Config

Targets

    • Target

      de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e.bin

    • Size

      6.0MB

    • MD5

      df472f90c33e6c341a74fe1ca29dac70

    • SHA1

      d7512488de06b677751014bdc48302c179542558

    • SHA256

      de8a4978d6541c3abc958757d9fb3909c6cd58447a67877177c3434cb7438e2e

    • SHA512

      4257e88d9c6f5eec59d1da6749c386b3859be04159ec37aba2adb3704e5f2ce11ef3adfb086b86d1bea03db300e1d82cab08f266cf6fae4d8f929e71918ddcf9

    Score
    9/10
    discoveryevasionpersistenceransomwarespyware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Drops startup file

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Modifies service

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

File Deletion

2
T1107

File Permissions Modification

1
T1222

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks