Overview

overview

8

Static

static

build_v2.exe

windows7_x64

8

build_v2.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    build_v2.exe

  • Size

    781KB

  • Sample

    210417-myrmzhjl32

  • MD5

    ca488b40ff017aa2e5edfb657195b19a

  • SHA1

    8591740a747320a93eef73850a29a109cac17a26

  • SHA256

    5e11767db92bef1591938a448d1d391202e6c8d8ddf0275dc8d72fd375b950db

  • SHA512

    73e99e1da85da472e97b0184a71fbffc39b81dd9daffecd640443413976b147941b79f51b2cc7aa90da68b8ba5a39e5541437c41509ca9280082b5a400c441ca

Score
8/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      build_v2.exe

    • Size

      781KB

    • MD5

      ca488b40ff017aa2e5edfb657195b19a

    • SHA1

      8591740a747320a93eef73850a29a109cac17a26

    • SHA256

      5e11767db92bef1591938a448d1d391202e6c8d8ddf0275dc8d72fd375b950db

    • SHA512

      73e99e1da85da472e97b0184a71fbffc39b81dd9daffecd640443413976b147941b79f51b2cc7aa90da68b8ba5a39e5541437c41509ca9280082b5a400c441ca

    Score
    8/10
    evasionpersistenceransomware

    • Disables Task Manager via registry modification

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Defacement

1
T1491

Tasks