Overview

overview

8

Static

static

dottwitch.exe

windows7_x64

dottwitch.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dottwitch.exe

  • Size

    78KB

  • Sample

    210305-m9ms8fsmps

  • MD5

    19ca826fb47911d0f28d5f3a581fa04e

  • SHA1

    7f68c84eee75ee8a2357b570140466cdcbacc8eb

  • SHA256

    93b99f8ca3f18926d2405d337bf047fb419c8bfd898aeab2f74108833fca85ae

  • SHA512

    1f4057c5bcd74be122e068ac3a23a8d802aa19136146a06d47720ce797c51ce4982d6e9e10034b5192122f0c0f7f44c199d3146af63eded78cb08c8f1b6bf532

Score
8/10
bootkitransomware

Malware Config

Targets

    • Target

      dottwitch.exe

    • Size

      78KB

    • MD5

      19ca826fb47911d0f28d5f3a581fa04e

    • SHA1

      7f68c84eee75ee8a2357b570140466cdcbacc8eb

    • SHA256

      93b99f8ca3f18926d2405d337bf047fb419c8bfd898aeab2f74108833fca85ae

    • SHA512

      1f4057c5bcd74be122e068ac3a23a8d802aa19136146a06d47720ce797c51ce4982d6e9e10034b5192122f0c0f7f44c199d3146af63eded78cb08c8f1b6bf532

    Score
    8/10
    bootkitransomware

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks