Overview

overview

10

Static

static

Windows Se...er.exe

windows10_x64

10

Resubmissions

21/09/2022, 15:35

220921-s1bj5scbfr 9

18/06/2021, 06:44

210618-hbnfahrlfa 10

18/06/2021, 06:16

210618-zl79572kwa 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Windows Session Manager.exe

  • Size

    278KB

  • Sample

    210618-hbnfahrlfa

  • MD5

    6736b48ac9b71f21d8e41d5a1f27a0a6

  • SHA1

    45eb63e779cb9f33209b29a175199a9048bd9035

  • SHA256

    5ad38d579fb249b3326a25cffb6f5ffea11b125cda7b61205893432f59a02101

  • SHA512

    c009278cd156d72957b5a29cec68eb97a0aad8dba7dc3c7a3bb1bba2c96779c41a89a106d65dcb91880fb5e2a639c1b89c87ba3906dd11f4aa7f76fe1f5de8ad

Score
10/10
ransomware

Malware Config

Extracted

Path

C:\readme.txt

Ransom Note
All of your files such as Document, photos ,Databases, etc... has been successfully encrypted! are encrypted by Poteston Ransomware What guarantees do we give to you? You can send one of your encrypted file from your PC and we decrypt it for free. and files should not contain valuable information (databases, backups, large excel sheets, etc.). After payment we will send you the decryption tool that will decrypt all your files. Contact us using this email address: [email protected] Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it Your personal ID : H4za1TkOTMRislVpl+pxDTIqEFNbsRl+X+q9HQCz2H0sbohbWa3BqyW38dI/Pu4W1LLmwudvd/5FOkL+EaMH/BqkPXpocREl7FVtVKruWhhrQkb32tUnIuyo451UV9wJkIUWYgBdGZUIKX6nLTiAk0ka3FNPcd5OpHN6ldxKzso=

Targets

    • Target

      Windows Session Manager.exe

    • Size

      278KB

    • MD5

      6736b48ac9b71f21d8e41d5a1f27a0a6

    • SHA1

      45eb63e779cb9f33209b29a175199a9048bd9035

    • SHA256

      5ad38d579fb249b3326a25cffb6f5ffea11b125cda7b61205893432f59a02101

    • SHA512

      c009278cd156d72957b5a29cec68eb97a0aad8dba7dc3c7a3bb1bba2c96779c41a89a106d65dcb91880fb5e2a639c1b89c87ba3906dd11f4aa7f76fe1f5de8ad

    Score
    10/10
    ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks