5f32ef9a224027930381255b1ff7d6be7af83f4886006243effeee31ec775b6e | Triage

Submit
Reports

Overview

overview

Static

static

aa625b84_b...is.exe

windows7_x64

aa625b84_b...is.exe

windows10_x64

Sharing

General

Target

aa625b84_by_Libranalysis
Size

534KB
Sample

210505-957vy82fxn
MD5

aa625b8479b7874ae21cfce7f0bd6de1
SHA1

f5906108c38dd0ff1a5f846f80cbc648f03e5f0a
SHA256

5f32ef9a224027930381255b1ff7d6be7af83f4886006243effeee31ec775b6e
SHA512

3d047f66aff1786cce70dd8f465e0332a329d2e50c47fa63dab56a81923c3e19f6e536bfdef1d0f978b9ab41043e4aa836a54734e1a569577c58cd35065b7f82

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

aa625b84_by_Libranalysis.exe

Resource

win7v20210408

evasion persistence ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aa625b84_by_Libranalysis.exe

Resource

win10v20210410

evasion persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  aa625b84_by_Libranalysis
- Size
  
  534KB
- MD5
  
  aa625b8479b7874ae21cfce7f0bd6de1
- SHA1
  
  f5906108c38dd0ff1a5f846f80cbc648f03e5f0a
- SHA256
  
  5f32ef9a224027930381255b1ff7d6be7af83f4886006243effeee31ec775b6e
- SHA512
  
  3d047f66aff1786cce70dd8f465e0332a329d2e50c47fa63dab56a81923c3e19f6e536bfdef1d0f978b9ab41043e4aa836a54734e1a569577c58cd35065b7f82
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Hidden Files and Directories

Bypass User Account Control

Disabling Security Tools

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy