General

Target: Cyanide.exe
Size: 150KB
Sample: 210213-qy1msbm93n
MD5: 88552621245e13e37456450b670b040e
SHA1: e2f8374fae2dc206dc390c73c866567691385af9
SHA256: 7dfdcd5bc610f3718de9ecd3fc67aba996d3a9c786b5954832ede3cc99d0b0b7
SHA512: f592750acfe72794a523876cac0c651c9e25414e650203b0001364d3591ca0ed4344c54c961c19233d08b63515672fa6f378d86882457987f2d8cbe6948a3b61
Static task: static1

Behavioral task: behavioral1
  Sample: Cyanide.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: Cyanide.exe
  Resource: win10v20201028
Malware Config

Targets
Score: 9/10

- Executes dropped EXE
- Possible privilege escalation attempt
- Modifies file permissions
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.