d2242ea007036837d1d9106dac924c86216e072175a252791e03533177368804 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

ฺฺฺB...��ฺ

windows10_x64

Resubmissions

05-03-2021 08:24

210305-axhwsqhzbx 7

05-03-2021 05:52

210305-r9nhglnamj 7

05-03-2021 05:29

210305-n5h5v4m936 7

05-03-2021 05:27

210305-fzr2cbcw8e 7

05-03-2021 05:26

210305-l8b349sqy6 8

Sharing

General

Target

StonkSystems.exe
Size

7.9MB
Sample

210305-l8b349sqy6
MD5

bc7035108366a10bc21c908fef3317ff
SHA1

8fa0a6d73be3b12cdc8aa8c2f1b0c3071fab1a47
SHA256

d2242ea007036837d1d9106dac924c86216e072175a252791e03533177368804
SHA512

cd58e18d372204370c525da09362cbdf86cad74ea463451a984ff2b2888c5ec7e629f3f28520423fae9bb5cffe74f0c3a263fb32a5b961f322d3fc6795ad5bb7

Score

8^/10

bootkit persistence pyinstaller ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

StonkSystems.exe

Resource

win10v20201028

bootkit persistence ransomware spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  StonkSystems.exe
- Size
  
  7.9MB
- MD5
  
  bc7035108366a10bc21c908fef3317ff
- SHA1
  
  8fa0a6d73be3b12cdc8aa8c2f1b0c3071fab1a47
- SHA256
  
  d2242ea007036837d1d9106dac924c86216e072175a252791e03533177368804
- SHA512
  
  cd58e18d372204370c525da09362cbdf86cad74ea463451a984ff2b2888c5ec7e629f3f28520423fae9bb5cffe74f0c3a263fb32a5b961f322d3fc6795ad5bb7
Score

8^/10

bootkit persistence ransomware spyware
- Modifies Installed Components in the registry
  persistence
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceransomwarespyware

© 2018-2024

Terms | Privacy