Overview

overview

8

Static

static

6

sample.exe

windows7_x64

sample.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16015c33b2b39392a2776d1c0e5917d0051483ab0e473679447798e0fc5e65b0.bin.sample.gz

  • Size

    2.0MB

  • Sample

    201205-h9f9hqyqpa

  • MD5

    09934f9203e13419a6ddc44c64ed73a3

  • SHA1

    7912922e519e3baaf40e2df609db2c08902587dc

  • SHA256

    73509194fbb3ff4cd6113e17668c6f9ad5a8ec1a12d3fc24e024924e5d87aa58

  • SHA512

    ea120c1802ed31867ce6f91c5031855f258d57972bfedf9134444b30d56427a433fd96a2f8392704ec1b95731846c6e90ca6f87ebfc2c2a7800ea1bd6d4c8f83

Score
8/10
bootkitransomwarespyware

Malware Config

Targets

    • Target

      sample

    • Size

      5.1MB

    • MD5

      3a92b81cf885e960e1449ef9afaa0534

    • SHA1

      4a44220eef6874036c0413be132bb5a21d71d2ff

    • SHA256

      16015c33b2b39392a2776d1c0e5917d0051483ab0e473679447798e0fc5e65b0

    • SHA512

      97d32f84b56e872109ca21b7a1b183c33a3f721878962819247b74bbef400bde9638dfc006905f2cfc2c8903d0974f9783c7cc8693e189a46af00bcecf8bb7e1

    Score
    8/10
    ransomwarespywarebootkit

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks