djvu | 9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d
Size

782KB
Sample

211021-taaqlaaec2
MD5

f8965a89dea0bc5a9eb9473e15203c4b
SHA1

4c64c26c74c0fac039a0974a95ab5e48f8e8d4e3
SHA256

9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d
SHA512

79dd477be26046d4eba9039fa148fdaeba85100bd3d78e0af8db95571672964603c187864b2f11fcf366abc61263bd87117bfed2b943d4d2c632330b6023e1c3

Score

10^/10

djvu discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d.exe

Resource

win10-en-20211014

djvu discovery persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

djvu

C2

http://rlrz.org/fhsgtsspen6

Targets

- Target
  
  9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d
- Size
  
  782KB
- MD5
  
  f8965a89dea0bc5a9eb9473e15203c4b
- SHA1
  
  4c64c26c74c0fac039a0974a95ab5e48f8e8d4e3
- SHA256
  
  9f6afa09d7d82aa7527a2dc83c0819b37192a8513879979d01c79f5741b0092d
- SHA512
  
  79dd477be26046d4eba9039fa148fdaeba85100bd3d78e0af8db95571672964603c187864b2f11fcf366abc61263bd87117bfed2b943d4d2c632330b6023e1c3
Score

10^/10

djvu discovery persistence ransomware
- Detected Djvu ransomware
- Djvu Ransomware
  Ransomware which is a variant of the STOP family.
  ransomware djvu
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Permissions Modification

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

djvudiscoverypersistenceransomware

© 2018-2024

Terms | Privacy