Overview

overview

8

Static

static

VanGoth.exe

windows7_x64

8

VanGoth.exe

windows10_x64

8
General
Target

VanGoth.exe

Size

36KB

Sample

211014-bw4lpafef9

Score
8/10
MD5

afff555062c4e6fb3a34e7c2be519fcd

SHA1

73ed552ba04e57e8cd991f9f82a182aa298c4baa

SHA256

d27a5719ec67c146a1b338302074de39f5ad49b17f81cb014cc2c57c4f464d85

SHA512

31b3b0cf4e877f848fae85c7afd08fe165ae5bcb114d41781d28403e276f524d383e34f7d3e39b96beb8e39f023ae1d150115bf751a3196e3c773eb688a6277f

Malware Config
Targets
Target

VanGoth.exe

MD5

afff555062c4e6fb3a34e7c2be519fcd

Filesize

36KB

Score
8/10
SHA1

73ed552ba04e57e8cd991f9f82a182aa298c4baa

SHA256

d27a5719ec67c146a1b338302074de39f5ad49b17f81cb014cc2c57c4f464d85

SHA512

31b3b0cf4e877f848fae85c7afd08fe165ae5bcb114d41781d28403e276f524d383e34f7d3e39b96beb8e39f023ae1d150115bf751a3196e3c773eb688a6277f

Tags

Signatures

  • Drops file in Drivers directory

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Drops file in System32 directory

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      Score
                      N/A

                      behavioral1

                      Score
                      8/10

                      behavioral2

                      Score
                      8/10