bcb62eab32937c13ba267c24ce8488ef4973989bb41e0d282b2e92ee3b2240a0 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

60 seconds - Win. 10

windows10_x64

Sharing

General

Target

1.xlsb
Size

81KB
Sample

210226-32fdcbkst2
MD5

d19e0a75cd215002029844a3fe636b78
SHA1

9d07f470a0c481e96139434fad28d8e68c914753
SHA256

bcb62eab32937c13ba267c24ce8488ef4973989bb41e0d282b2e92ee3b2240a0
SHA512

eda7c0f26706727b5bdde7e6290cecbf2d9c12c24bd26faee4593bec548876c4d9972d4c7ef42b08189ca1516ae9cb1553bb9d9a99d583b7e1a7d0db35ccb1ca

Score

8^/10

bootkit macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

1.xlsb

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1.xlsb
- Size
  
  81KB
- MD5
  
  d19e0a75cd215002029844a3fe636b78
- SHA1
  
  9d07f470a0c481e96139434fad28d8e68c914753
- SHA256
  
  bcb62eab32937c13ba267c24ce8488ef4973989bb41e0d282b2e92ee3b2240a0
- SHA512
  
  eda7c0f26706727b5bdde7e6290cecbf2d9c12c24bd26faee4593bec548876c4d9972d4c7ef42b08189ca1516ae9cb1553bb9d9a99d583b7e1a7d0db35ccb1ca
Score

8^/10

bootkit ransomware
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitransomware

© 2018-2024

Terms | Privacy