e6cd1af91356aeab2550acec945681ed5e82eb9660936b4f4e73509c0c602aae | Triage

Resubmissions

17-01-2021 17:17

210117-b2cpxhh15x 8

07-01-2021 16:41

210107-w4e2crkbb6 8

Sharing

General

Target

VTPatcher.exe
Size

123KB
Sample

210117-b2cpxhh15x
MD5

887f4256e86487df513fc0f91f5e6cb7
SHA1

892ca49a0108af495a31fd6d225915d62ec2d136
SHA256

e6cd1af91356aeab2550acec945681ed5e82eb9660936b4f4e73509c0c602aae
SHA512

123c19f36c19b93f216a56b394fd4c4ffaf1ae18438b8d916e5278d5355b7b20a9a7f12f56dacd6d741932ef5d036304b966aa93f540578f177961453e229915

Score

8^/10

bootkit ransomware

Malware Config

Targets

- Target
  
  VTPatcher.exe
- Size
  
  123KB
- MD5
  
  887f4256e86487df513fc0f91f5e6cb7
- SHA1
  
  892ca49a0108af495a31fd6d225915d62ec2d136
- SHA256
  
  e6cd1af91356aeab2550acec945681ed5e82eb9660936b4f4e73509c0c602aae
- SHA512
  
  123c19f36c19b93f216a56b394fd4c4ffaf1ae18438b8d916e5278d5355b7b20a9a7f12f56dacd6d741932ef5d036304b966aa93f540578f177961453e229915
Score

8^/10

bootkit ransomware
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitransomware