Resubmissions

  • 12-01-2022 14:09 220112-rgdpqacghr 10

  • 12-01-2022 14:06 220112-rertkacga3 10

  • 12-01-2022 14:00 220112-rbg5yscfh2 10

General

  • Target

    87967600b0f6026f97093416dcd7ec38f740adaf84757255c179180873b41177.bin.sample

  • Size

    3.8MB

  • Sample

    220112-rbg5yscfh2

  • MD5

    32bd8e6843879a761e6fa9436a90bb66

  • SHA1

    26dde522d6f3f87ac982495028494c7f50799696

  • SHA256

    87967600b0f6026f97093416dcd7ec38f740adaf84757255c179180873b41177

  • SHA512

    c7e437c61980385ce57fe2a0dc0988aeba4609ac1ac7b7c07951c10c6bc38772c7ad1442571ab6409c8ea04991844e7ad95b5a9b35e31996f7aad9db4020716f

Malware Config

Targets

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • Clears Windows event logs

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

MITRE ATT&CK Enterprise v6

Tasks