a84f1837031f236302dc335ea0d285e4c9e223631ae2702a0d6176a743018161 | Triage

Submit
Reports

Overview

overview

Static

static

BleachGap.bin.exe

windows7_x64

BleachGap.bin.exe

windows10_x64

Sharing

General

Target

BleachGap.bin.zip
Size

955KB
Sample

210227-sdhxxb9tms
MD5

c0db7ee3f960c969bdf02be2d5c719e7
SHA1

6ea7694b8474aebe6b0821a425cc95be536e6c5c
SHA256

a84f1837031f236302dc335ea0d285e4c9e223631ae2702a0d6176a743018161
SHA512

d6b86f856d2990284e0f5f5fec7b829d33f4b771eac4cc085b92fb72849257bd890ee28ac6bbdf4029016aa7b748fd7b86e63fae9074509c451ef7196b8f0370

Score

10^/10

evasion persistence ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

BleachGap.bin.exe

Resource

win7v20201028

evasion ransomware trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BleachGap.bin.exe

Resource

win10v20201028

evasion persistence ransomware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn-115.anonfiles.com/9821W1G5p3/542b7e19-1612884386/gameover.exe

Targets

- Target
  
  BleachGap.bin
- Size
  
  1001KB
- MD5
  
  015bb16ddcbf8a6326ec859020466c05
- SHA1
  
  f0ff1059e64175c8bf3f557cf1b0f49ed105d7d4
- SHA256
  
  c1eb88cc7f7b43de1ef71fae416c729483d71fa930314c36dfb03b01b8455d31
- SHA512
  
  588051f1702c69b96168c9bfa41bdb9aaffdf48bf3178e30ee1bf1510989a1b43b1032b9b002f81907428182a050befc9b00143b4991c47131bcb4b25dfc83c5
Score

10^/10

evasion ransomware trojan upx persistence
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

File Deletion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomwaretrojanupx

behavioral2

evasionpersistenceransomwaretrojan

© 2018-2025

Terms | Privacy