Resubmissions

29-10-2021 14:51

211029-r8nn1aacaj 10

23-03-2021 18:12

210323-s8jdk5y98j 10

General

  • Target

    936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd

  • Size

    296KB

  • Sample

    211029-r8nn1aacaj

  • MD5

    6b2c7d5298c7fb8f4c4c3531894a91c1

  • SHA1

    d7333af03603b27566ac8ab63d6aa21575e1ebb4

  • SHA256

    936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd

  • SHA512

    2555a572e9088ce58dce5bcaf1c0fca76727b6a1e1315ec0dbfe588a796faf1d083cb6ff3a6362f7c8075a4f321228c6227db7a3207fa557fff68e9fd4a3e114

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Downloads PsExec from SysInternals website

      Sysinternals tools such as PsExec are often abused by malware families because they are legitimate, signed utilities that testers and administrators commonly use.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Modifies file permissions

    • Windows security modification

    • Modifies WinLogon
