d23c626d8568b47ff9055efd1ea569f9fe655a579287a5acc907cc9db95189ec | Triage

Submit
Reports

Overview

overview

8

Static

static

4

Update Pay...on.pdf

windows7_x64

1

Update Pay...on.pdf

windows10_x64

Sharing

General

Target

Update Payment Information.pdf
Size

199KB
Sample

210208-aky4rcmel6
MD5

2cb9ea52ddeaf3d57a984bb03fe05f8e
SHA1

9a3601139d9d96749f3afdb3fcda12404d88c0e4
SHA256

d23c626d8568b47ff9055efd1ea569f9fe655a579287a5acc907cc9db95189ec
SHA512

f099f1e8f67e81226b2baea001dbc2a8b97654bd023dc351fae4dcb9b80b2f8be002476dcd421d79f921656c24a83d50fa04e7eb98b5e50bfc15f5623bbce27b

Score

8^/10

bootkit link pdf ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Update Payment Information.pdf

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Update Payment Information.pdf

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Update Payment Information.pdf
- Size
  
  199KB
- MD5
  
  2cb9ea52ddeaf3d57a984bb03fe05f8e
- SHA1
  
  9a3601139d9d96749f3afdb3fcda12404d88c0e4
- SHA256
  
  d23c626d8568b47ff9055efd1ea569f9fe655a579287a5acc907cc9db95189ec
- SHA512
  
  f099f1e8f67e81226b2baea001dbc2a8b97654bd023dc351fae4dcb9b80b2f8be002476dcd421d79f921656c24a83d50fa04e7eb98b5e50bfc15f5623bbce27b
Score

8^/10

bootkit ransomware
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitransomware

© 2018-2024

Terms | Privacy