Overview
General

Target: Samples.zip
Size: 94.6MB
Sample: 210206-d9f68dxjxx
MD5: 6b1a50b50494b4f2ec0dda7b5c3d601c
SHA1: d060479eb855c85d7ca7798f7e91658ef37455b6
SHA256: dacfdf48b63d28fd4f013384825ad9706851abb90227cf0eed020d52d20602d6
SHA512: e8c1b909654be5186b788c4845c956190f962db18e6a9b7dc9af658f9d78df71e84828f6e932c4067f1d214178ecb032b9c69efe2d1f974b02e306fdf1b2f6a7
Static task: static1

Behavioral tasks (each sample was run once on the Windows 7 x64 image and once on the Windows 10 x64 image):
behavioral1: 009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78.dll (resource win7v20201028)
behavioral2: 009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78.dll (resource win10v20201028)
behavioral3: 016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2.exe (resource win7v20201028)
behavioral4: 016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2.exe (resource win10v20201028)
behavioral5: 02815b72ed3449fd6004e007940ea8a8ab09bae4132739a4c7c705c2db0a1f89.exe (resource win7v20201028)
behavioral6: 02815b72ed3449fd6004e007940ea8a8ab09bae4132739a4c7c705c2db0a1f89.exe (resource win10v20201028)
behavioral7: 02835ece100bb06ed759f9fa434151870e39c3ad1e429c6aace838e918b43a1a.dll (resource win7v20201028)
behavioral8: 02835ece100bb06ed759f9fa434151870e39c3ad1e429c6aace838e918b43a1a.dll (resource win10v20201028)
behavioral9: 02922c5d994e81629d650be2a00507ec5ca221a501fe3827b5ed03b4d9f4fb70.exe (resource win7v20201028)
behavioral10: 02922c5d994e81629d650be2a00507ec5ca221a501fe3827b5ed03b4d9f4fb70.exe (resource win10v20201028)
behavioral11: 03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5.exe (resource win7v20201028)
behavioral12: 03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5.exe (resource win10v20201028)
behavioral13: 0444af26647e6ca5ad5d0e1c48401a17ccbd162bf60dd37e5ace9e8be63a3ac1.dll (resource win7v20201028)
behavioral14: 0444af26647e6ca5ad5d0e1c48401a17ccbd162bf60dd37e5ace9e8be63a3ac1.dll (resource win10v20201028)
behavioral15: 05e2912f2a593ba16a5a094d319d96715cbecf025bf88bb0293caaf6beb8bc20.exe (resource win7v20201028)
behavioral16: 05e2912f2a593ba16a5a094d319d96715cbecf025bf88bb0293caaf6beb8bc20.exe (resource win10v20201028)
Malware Config
Targets

Target: 009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78
Size: 1.3MB
MD5: 8d20017f576fbd58cce25637d29826ca
SHA1: cb56904366c53281e3c03f2a5dc4445dd5e82b98
SHA256: 009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78
SHA512: 643dc6ba2f7e77168aac3e763c9d2b3ee6af46d450fea3ff22f0b02c295e0a4e054d6089135a060833f8f0eb5987128aa31ee7534b0988c40dfcbfd48e697d4c
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: 016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2
Size: 625KB
MD5: 8349691b6c37d9e5fa75ee6365b40bf5
SHA1: 4530be5b70f709d4445604148feaae73993215fe
SHA256: 016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2
SHA512: fe018c0efbb76bc14335fd2c18f554d6f7ee954acd5acff9d84da79fc0f92d65463ff8989b2f05a76847801c53bc8d0b6e6c70e6dfb48038cb8b0525aa29ca2c
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Target: 02815b72ed3449fd6004e007940ea8a8ab09bae4132739a4c7c705c2db0a1f89
Size: 140KB
MD5: 75c775cbfaf9bd40c504c3737e93fafd
SHA1: 6bc094422cc012d99f260f9e7d1c25bcd25f84b2
SHA256: 02815b72ed3449fd6004e007940ea8a8ab09bae4132739a4c7c705c2db0a1f89
SHA512: faec889de5e3519034f0bf3cde767cedda060f585671016c94d08c4245709a3110c0655c277f93e91a680ec4595a1ab744554bf36278035b99b6b81d49c88f7e
Score: 10/10
Signatures:
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Target: 02835ece100bb06ed759f9fa434151870e39c3ad1e429c6aace838e918b43a1a
Size: 239KB
MD5: ce3eecc1cc27e753b3eeae50074c3edd
SHA1: 8974741248035ea33c82234f60f95f7dc89620aa
SHA256: 02835ece100bb06ed759f9fa434151870e39c3ad1e429c6aace838e918b43a1a
SHA512: 0235c65316b76d9885c260e20fb8a5b655e71e3d0ffd6f84f425225ab6bdd261ae8c497e0eb819682b9d81e65e90baeb107447bde17347ce305797b0fee3730f
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Sets service image path in registry
Target: 02922c5d994e81629d650be2a00507ec5ca221a501fe3827b5ed03b4d9f4fb70
Size: 759KB
MD5: d4bc7b620ab9ee2ded2ac783ad77dd6d
SHA1: cf658a17824bc2f247807b7d38a0c581eb968f4e
SHA256: 02922c5d994e81629d650be2a00507ec5ca221a501fe3827b5ed03b4d9f4fb70
SHA512: 2cec4072ae807a8d6803b6207e16cb63a579ab0248c9c16f8e5d578ca57138b6d451440adfacf275690160606c5bff8b1532b827a4e189ec92651c80f13e8e95
Score: 8/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
Target: 03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5
Size: 1.2MB
MD5: 28af0e2520713b81659c95430220d2b9
SHA1: 56dee9cc02f6165314ca2306667c43c58b62c047
SHA256: 03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5
SHA512: 65a540974359210623ce0e17bfa085d1533cd402d9dfd1cdd3be08678d5e1a9a944fa01c0a8cdc7081e9ff1959be2d84b58d61eb4ed250fcf1b4c068b4d5fba3
Score: 8/10
Signatures:
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
Target: 0444af26647e6ca5ad5d0e1c48401a17ccbd162bf60dd37e5ace9e8be63a3ac1
Size: 260KB
MD5: bc3ffe2761d210fa05dde9ced4ed4869
SHA1: 342db0e9441152f6ac3f4babc3a4384a9d81f2c5
SHA256: 0444af26647e6ca5ad5d0e1c48401a17ccbd162bf60dd37e5ace9e8be63a3ac1
SHA512: e413e787679bb447ee21e2a07ff71c7580615d8b1a8c79221f0d530092ff8bef7508ee4be3a6f1f100b2cbfc34a0837eafaea0bbb74325c88a2039ba3b1074fb
Score: 1/10
Signatures: none
Target: 05e2912f2a593ba16a5a094d319d96715cbecf025bf88bb0293caaf6beb8bc20
Size: 69KB
MD5: b9c4386e1b32283598c1630be5a12503
SHA1: 69de6e807271bc79657aa4e53326f4ba5a3c848c
SHA256: 05e2912f2a593ba16a5a094d319d96715cbecf025bf88bb0293caaf6beb8bc20
SHA512: f46350e053c50d0a99be3f9735e0ceba305eae1bc435a363efc8cdd3e49ac623cc2a0426eea52f3eb6f06eadf71b05a284115aa8f2022704b1255078ff336f23
Score: 1/10
Signatures: none
MITRE ATT&CK Matrix (ATT&CK v6), with the number of tasks matching each technique:

Persistence:
- Registry Run Keys / Startup Folder: 5
- Hidden Files and Directories: 1
- Bootkit: 1

Defense Evasion:
- Modify Registry: 6
- Virtualization/Sandbox Evasion: 1
- Hidden Files and Directories: 1
- Install Root Certificate: 1