General

  • Target

    repack by xatab.exe

  • Size

    222KB

  • Sample

    210710-68sladrcsj

  • MD5

    e2aaff3cf5f2b9fee6061eddf55620b9

  • SHA1

    f780afcca44c836dc48619dece8374882521bbb1

  • SHA256

    90413227e6a42728248b5adf7c8930491a3ef2c7ec3b21d93f5da52a8f126f6d

  • SHA512

    8827152335018563b4091ed5aebac7d26ff0eae478a848eb8659c9fe9a4ffcd9599457587b3b4310253d85571fe385d3ac4499366e621326092be1b178039834

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-2513283230-931923277-594887482-1000\HOW TO DECRYPT FILES.txt

Ransom Note

The harddisks of your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key To purchase your key and restore your data, please follow these three easy steps: 1.Create btc wallet and send 350 $ to Happy walentine day nohing personal Please make my life easier write in the them of transaction your email adress

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v6

Tactic            Technique                            Count  ID
Persistence       Registry Run Keys / Startup Folder   1      T1060
Persistence       Bootkit                              1      T1067
Defense Evasion   Modify Registry                      1      T1112
Discovery         System Information Discovery         1      T1082
