Overview

overview

8

Static

static

RandsomWare.msi

windows7_x64

8

RandsomWare.msi

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RandsomWare.msi

  • Size

    698KB

  • Sample

    211022-hmz1gabca2

  • MD5

    eadca8bf5237297a07385d3a7ab386b2

  • SHA1

    688ab0e86912fa8c59755d8205e7a4decc2706d3

  • SHA256

    ae205185b912d2c4be5df9c4786b47e164db6e23fd9f51893e7e7c77f5ca4915

  • SHA512

    39d9c32edce729bb97bcef81a3510ab96f6003e13cc5e3a819208b431375dcdf610e49b929f045a6a26ae28a2ff5762ff67c19de5ab0ba8dbe00074c456d6021

Score
8/10
evasionransomware

Malware Config

Targets

    • Target

      RandsomWare.msi

    • Size

      698KB

    • MD5

      eadca8bf5237297a07385d3a7ab386b2

    • SHA1

      688ab0e86912fa8c59755d8205e7a4decc2706d3

    • SHA256

      ae205185b912d2c4be5df9c4786b47e164db6e23fd9f51893e7e7c77f5ca4915

    • SHA512

      39d9c32edce729bb97bcef81a3510ab96f6003e13cc5e3a819208b431375dcdf610e49b929f045a6a26ae28a2ff5762ff67c19de5ab0ba8dbe00074c456d6021

    Score
    8/10
    evasionransomware

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks