86d4ff6b8e90c20ddf020af1e45e5d2403e80285565290678c634e312df17f43 | Triage

Submit
Reports

Overview

overview

8

Static

static

Fast w internet

windows10_x64

Sharing

General

Target

qak.dll
Size

1.0MB
Sample

210225-x1qxqz6ntj
MD5

15d5676f003f8a48062ab16379e1149b
SHA1

a6afc5d0564a911af2f6b0bb81f50bc82d7da464
SHA256

86d4ff6b8e90c20ddf020af1e45e5d2403e80285565290678c634e312df17f43
SHA512

d064a96473e08d9d4720a17de0ecd57afed3d167c3f45458e37d8e204b6d3df9613fe8d3378ea4e4a97e801e4f018df30c6368ba3be296c85bd22996ec1a086d

Score

8^/10

bootkit ransomware

Static task

static1

Behavioral task

behavioral1

Sample

qak.dll

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  qak.dll
- Size
  
  1.0MB
- MD5
  
  15d5676f003f8a48062ab16379e1149b
- SHA1
  
  a6afc5d0564a911af2f6b0bb81f50bc82d7da464
- SHA256
  
  86d4ff6b8e90c20ddf020af1e45e5d2403e80285565290678c634e312df17f43
- SHA512
  
  d064a96473e08d9d4720a17de0ecd57afed3d167c3f45458e37d8e204b6d3df9613fe8d3378ea4e4a97e801e4f018df30c6368ba3be296c85bd22996ec1a086d
Score

8^/10

bootkit ransomware
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitransomware

© 2018-2024

Terms | Privacy