Overview

overview

8

Static

static

3

gen.exe

windows7_x64

gen.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gen.exe

  • Size

    7.1MB

  • Sample

    210305-s9mcz2yrwj

  • MD5

    ac5874a4074d3f6daf8717e16476e355

  • SHA1

    52fa45d972da9a90d725839654b1b6d05e13bf5f

  • SHA256

    519a5e542e845e29039e769973ed337c6b5253dcd31e92cf63df7a22e916ee5d

  • SHA512

    b62c53e2efb8db4ffed44983e68ed0a2c47be65ee31b814f6d74e6b636335ad170151bf49849dcd5544c435a2385c8e44d1c1287b4f424c0f7d99fd190969e5d

Score
8/10
bootkitpyinstallerransomwarespyware

Malware Config

Targets

    • Target

      gen.exe

    • Size

      7.1MB

    • MD5

      ac5874a4074d3f6daf8717e16476e355

    • SHA1

      52fa45d972da9a90d725839654b1b6d05e13bf5f

    • SHA256

      519a5e542e845e29039e769973ed337c6b5253dcd31e92cf63df7a22e916ee5d

    • SHA512

      b62c53e2efb8db4ffed44983e68ed0a2c47be65ee31b814f6d74e6b636335ad170151bf49849dcd5544c435a2385c8e44d1c1287b4f424c0f7d99fd190969e5d

    Score
    8/10
    bootkitransomwarespyware

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks