f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093 | Triage

Submit
Reports

Overview

overview

9

Static

static

6

f0fbd0654d...le.exe

windows7_x64

9

f0fbd0654d...le.exe

windows10_x64

9

Resubmissions

19-11-2020 14:39

201119-59epbrqadx 10

19-11-2020 14:22

201119-ff99dc42e6 10

19-11-2020 14:16

201119-298y5e8ncj 9

Sharing

General

Target

f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093.bin.sample
Size

1.8MB
Sample

201119-298y5e8ncj
MD5

10d7151b9ee53b8da8ee6f85001ffb20
SHA1

76d33ef58ea7b012342d975d871db64840da9675
SHA256

f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093
SHA512

1c6d2d7f509b462b5d48db61817ee42a7204d10141c59394eb190d0dba733b831a6344bb85197dfac358939379e640c9f38732d376e28f92e187806ca574d10f

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093.bin.sample.exe

Resource

win7v20201028

persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093.bin.sample.exe

Resource

win10v20201028

persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093.bin.sample
- Size
  
  1.8MB
- MD5
  
  10d7151b9ee53b8da8ee6f85001ffb20
- SHA1
  
  76d33ef58ea7b012342d975d871db64840da9675
- SHA256
  
  f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093
- SHA512
  
  1c6d2d7f509b462b5d48db61817ee42a7204d10141c59394eb190d0dba733b831a6344bb85197dfac358939379e640c9f38732d376e28f92e187806ca574d10f
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware

© 2018-2024

Terms | Privacy