Overview

overview

8

Static

static

Fol.bat

windows7_x64

Fol.bat

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fol.bat

  • Size

    102B

  • Sample

    210216-926zqsn9xx

  • MD5

    f719addf27a2daef34644a282b05199e

  • SHA1

    7155af9cac8be748684ba26f3993720f954e78d4

  • SHA256

    d8bccc45a013eee3a81417ab6fb0e65f4b67d6cd7e5cc78473a51da179580396

  • SHA512

    fab479f4a9eeb4c80ddc631ba3ba41ef1d3fdd40f6da0d4b9fb1a89b0c50b18a0c64d8336a7cfe1fbcc0889709593e5d86dfab21524e01046d5a5f725462de67

Score
8/10
bootkitransomware

Malware Config

Targets

    • Target

      Fol.bat

    • Size

      102B

    • MD5

      f719addf27a2daef34644a282b05199e

    • SHA1

      7155af9cac8be748684ba26f3993720f954e78d4

    • SHA256

      d8bccc45a013eee3a81417ab6fb0e65f4b67d6cd7e5cc78473a51da179580396

    • SHA512

      fab479f4a9eeb4c80ddc631ba3ba41ef1d3fdd40f6da0d4b9fb1a89b0c50b18a0c64d8336a7cfe1fbcc0889709593e5d86dfab21524e01046d5a5f725462de67

    Score
    8/10
    bootkitransomware

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks