General

  • Target

    227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb

  • Size

    7.0MB

  • Sample

    210511-y3dap8fxcn

  • MD5

    6cc7273b2bc3fa2e5632418b8738e329

  • SHA1

    8e8def5c80c4fc1e7e10027ab3e3be2b0a72a1af

  • SHA256

    227e256d82eb0ff4b45456a11e99768ef5da551d2084af71896058d3fe2b60bb

  • SHA512

    22199ec6d91e72157d49839e56f2658007082eae8c077d31f2dd906336fea3c2bfa17b2543bf2495a34839921b3a0a76d783371e2a117d263afea5ed2dff618b

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Winlogon Helper DLL (T1004): 1
    Hidden Files and Directories (T1158): 1
    Registry Run Keys / Startup Folder (T1060): 1

  • Privilege Escalation

    Bypass User Account Control (T1088): 1

  • Defense Evasion

    Modify Registry (T1112): 5
    Hidden Files and Directories (T1158): 1
    Bypass User Account Control (T1088): 1
    Disabling Security Tools (T1089): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

Tasks