a1658b6be9e1b593d0bb054f4076ab1ee1dec29106dedf21104775ed29bba191 | Triage

Sharing

General

Target

D68.vbs
Size

1KB
Sample

210227-a8w8xyyav6
MD5

ab9cc26b8906ebb66972fec16a3d4e23
SHA1

20e4f76a75bff04ea457eea160c621192445c416
SHA256

a1658b6be9e1b593d0bb054f4076ab1ee1dec29106dedf21104775ed29bba191
SHA512

ad3246a0afccf93ac2d866028489f7cedc37459ebe05277fd130100a49f45cc0e68ea6bef90217071d3de61a9c7b8b727f94fd57dce4e1f3626b2cac30169013

Score

8^/10

bootkit ransomware

Malware Config

Targets

- Target
  
  D68.vbs
- Size
  
  1KB
- MD5
  
  ab9cc26b8906ebb66972fec16a3d4e23
- SHA1
  
  20e4f76a75bff04ea457eea160c621192445c416
- SHA256
  
  a1658b6be9e1b593d0bb054f4076ab1ee1dec29106dedf21104775ed29bba191
- SHA512
  
  ad3246a0afccf93ac2d866028489f7cedc37459ebe05277fd130100a49f45cc0e68ea6bef90217071d3de61a9c7b8b727f94fd57dce4e1f3626b2cac30169013
Score

8^/10

bootkit ransomware
- Blocklisted process makes network request
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bootkitransomware