Overview

overview

10

Static

static

5e0587e61d...le.exe

windows7_x64

10

5e0587e61d...le.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e0587e61d94a40091480a2f5f78621362265b8702b3558a0db536693159865f.sample

  • Size

    2.6MB

  • Sample

    210726-cfnwq4v4b6

  • MD5

    792c63e062e97bdba54ffb95636b38d9

  • SHA1

    ba3e10ce06ea67224ae577eab44f17d16e08e22b

  • SHA256

    5e0587e61d94a40091480a2f5f78621362265b8702b3558a0db536693159865f

  • SHA512

    1f2378036c4031f05248b56a032063093daf02910bde5ac4ef2d546bc5fdaf4f5cb465a8a8c3286410642275ae7d45803dd1d53d533f770e26037072e2a03735

Score
10/10
evasionransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      5e0587e61d94a40091480a2f5f78621362265b8702b3558a0db536693159865f.sample

    • Size

      2.6MB

    • MD5

      792c63e062e97bdba54ffb95636b38d9

    • SHA1

      ba3e10ce06ea67224ae577eab44f17d16e08e22b

    • SHA256

      5e0587e61d94a40091480a2f5f78621362265b8702b3558a0db536693159865f

    • SHA512

      1f2378036c4031f05248b56a032063093daf02910bde5ac4ef2d546bc5fdaf4f5cb465a8a8c3286410642275ae7d45803dd1d53d533f770e26037072e2a03735

    Score
    10/10
    evasionransomwarespywarestealertrojan

    • UAC bypass

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

File Deletion

2
T1107

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks