General

  • Target

    772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae.bin.zip

  • Size

    30.7MB

  • Sample

    210130-z5cx8xcxba

  • MD5

    8e300d80dcfdac172b7aabb2ed62cbb5

  • SHA1

    b0dd5048ef41dab940d47fac19290197e34cd77c

  • SHA256

    05fbedef56f8cf1b12e719ffca3136ef15d8d3696009ecf884d2b71fd8094953

  • SHA512

    a4384c514b7182aa023e2ee1c132bc95db091269f4a1c9d1beaea9322d4a205381c7beae937f0d16a52589f8b927741a01610977b55c8e54b5ee18d9924b817e

Malware Config

Targets

    • Target

      772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae.bin

    • Size

      31.3MB

    • MD5

      fa9649ba7f76190701b2f1ffaaf4d0df

    • SHA1

      dac66a285e89ee98cb84488df21f8c43c4acb5d3

    • SHA256

      772c627fc0b70e0454ff2e5464b9ee713a44a35298deba43f420e4fd21a0aeae

    • SHA512

      9868a1cc7e9bf361c1d93bad871b88fae0f3c3fa1f15dce1d386f1e78fbda913d30ffd3d407706a34043357727e7db560924ffbd7e1ec4bc5dada7c9e74f6c11

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Enterprise v6

Tasks
