321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c | Triage

Submit
Reports

Overview

overview

Static

static

8

321d0c4f1b...2c.exe

windows7_x64

321d0c4f1b...2c.exe

windows10_x64

Sharing

General

Target

321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c
Size

896KB
Sample

211209-pkqscacaa8
MD5

b5045d802394f4560280a7404af69263
SHA1

73e1c941a9e639d5ed4779af9a818d2f253dacd1
SHA256

321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c
SHA512

93ac02b1aeaf0ab747c55ec434a08e78d150845124aede91b212e92eba68e526d3aa874ebcd54b19f899b1d36ca382c2168b109b9306794bca041ed499ec05c0

Score

10^/10

evasion ransomware spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c.exe

Resource

win7-en-20211208

evasion ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c.exe

Resource

win10-en-20211208

evasion ransomware spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c
- Size
  
  896KB
- MD5
  
  b5045d802394f4560280a7404af69263
- SHA1
  
  73e1c941a9e639d5ed4779af9a818d2f253dacd1
- SHA256
  
  321d0c4f1bbb44c53cd02186107a18b7a44c840a9a5f0a78bdac06868136b72c
- SHA512
  
  93ac02b1aeaf0ab747c55ec434a08e78d150845124aede91b212e92eba68e526d3aa874ebcd54b19f899b1d36ca382c2168b109b9306794bca041ed499ec05c0
Score

10^/10

evasion ransomware spyware stealer trojan
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Disabling Security Tools

Indicator Removal on Host

File Deletion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomwarespywarestealertrojan

behavioral2

evasionransomwarespywarestealertrojan

© 2018-2024

Terms | Privacy