c80c7fea51d54cc4baa259cf5ffaae42ac64d9c764ae413c025b4783db0d76e1 | Triage

Submit
Reports

Overview

overview

8

Static

static

53.js

windows7_x64

53.js

windows10_x64

Sharing

General

Target

53.js
Size

1.8MB
Sample

210227-29ykg282cx
MD5

b6a9829eda9b793923758d253432366d
SHA1

88799043816e99016aa01795094c646eb64f964f
SHA256

c80c7fea51d54cc4baa259cf5ffaae42ac64d9c764ae413c025b4783db0d76e1
SHA512

b376c32276ebdb631b3d499749ac49235e25c5662e2b135428bed714225b245a6603f570f6c21055f06395c414a9982188154b04a15c3567a4d40dfa20b0b296

Score

8^/10

bootkit persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

53.js

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

53.js

Resource

win10v20201028

bootkit ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  53.js
- Size
  
  1.8MB
- MD5
  
  b6a9829eda9b793923758d253432366d
- SHA1
  
  88799043816e99016aa01795094c646eb64f964f
- SHA256
  
  c80c7fea51d54cc4baa259cf5ffaae42ac64d9c764ae413c025b4783db0d76e1
- SHA512
  
  b376c32276ebdb631b3d499749ac49235e25c5662e2b135428bed714225b245a6603f570f6c21055f06395c414a9982188154b04a15c3567a4d40dfa20b0b296
Score

8^/10

persistence bootkit ransomware
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitransomware

© 2018-2024

Terms | Privacy