e95902e83c3cd7ceef665f91faba200dd487a073996e34ae3f041a00d0a061a5 | Triage

Submit
Reports

Overview

overview

8

Static

static

Doitman.exe

windows7_x64

8

Doitman.exe

windows10_x64

8

Sharing

General

Target

Doitman.exe
Size

125KB
Sample

211209-jj1y2abac2
MD5

f28ac8c53e1776f0bb151bfe969cb50c
SHA1

ac6d92aa5213bf0431999688f63c37d72a6206bf
SHA256

e95902e83c3cd7ceef665f91faba200dd487a073996e34ae3f041a00d0a061a5
SHA512

5ccb69f839dda459fca95a0731a152f831e32e23521e47506710a824a1d5779d59ce1752f623b700a1416263a5537f7c92c16f43c6c9ded028839493bbed8e7c

Score

8^/10

persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Doitman.exe

Resource

win7-en-20211208

persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Doitman.exe

Resource

win10-en-20211208

persistence ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Doitman.exe
- Size
  
  125KB
- MD5
  
  f28ac8c53e1776f0bb151bfe969cb50c
- SHA1
  
  ac6d92aa5213bf0431999688f63c37d72a6206bf
- SHA256
  
  e95902e83c3cd7ceef665f91faba200dd487a073996e34ae3f041a00d0a061a5
- SHA512
  
  5ccb69f839dda459fca95a0731a152f831e32e23521e47506710a824a1d5779d59ce1752f623b700a1416263a5537f7c92c16f43c6c9ded028839493bbed8e7c
Score

8^/10

persistence ransomware spyware stealer
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

persistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy