djvu | e9a78c00f0c651f605119a584225f7ac87ef48eff719b6b4414931c88e7df7df | Triage

Submit
Reports

Overview

overview

Static

static

c80ad6ada1...15.exe

windows7_x64

c80ad6ada1...15.exe

windows10_x64

Sharing

General

Target

c80ad6ada1635b8bca10287561eeae15.exe
Size

693KB
Sample

210926-r8qtcsehej
MD5

c80ad6ada1635b8bca10287561eeae15
SHA1

adcdbf7bffc69fb590785637a9a78a195421a375
SHA256

e9a78c00f0c651f605119a584225f7ac87ef48eff719b6b4414931c88e7df7df
SHA512

b08ae40cedcace5a918553923dc5a87ea488364c948fe5f3562d2a6353eac0a31779ecd18ef30770b3a5a2098ea7ec8886dc09b73026e407ebc52c39222025ba

Score

10^/10

djvu discovery persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

c80ad6ada1635b8bca10287561eeae15.exe

Resource

win7v20210408

djvu discovery persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c80ad6ada1635b8bca10287561eeae15.exe

Resource

win10-en-20210920

djvu discovery persistence ransomware suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c80ad6ada1635b8bca10287561eeae15.exe
- Size
  
  693KB
- MD5
  
  c80ad6ada1635b8bca10287561eeae15
- SHA1
  
  adcdbf7bffc69fb590785637a9a78a195421a375
- SHA256
  
  e9a78c00f0c651f605119a584225f7ac87ef48eff719b6b4414931c88e7df7df
- SHA512
  
  b08ae40cedcace5a918553923dc5a87ea488364c948fe5f3562d2a6353eac0a31779ecd18ef30770b3a5a2098ea7ec8886dc09b73026e407ebc52c39222025ba
Score

10^/10

djvu discovery persistence ransomware suricata
- Detected Djvu ransomware
- Djvu Ransomware
  Ransomware which is a variant of the STOP family.
  ransomware djvu
- suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
  suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
  suricata
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

djvudiscoverypersistenceransomwaresuricata

behavioral2

djvudiscoverypersistenceransomwaresuricata

© 2018-2024

Terms | Privacy