Resubmissions

  • 12-01-2022 15:06    220112-sg7hgachf6    10

  • 12-01-2022 15:01    220112-sdwlssche3    10

General

  • Target

    d7f237b31f1e2526d93a91534e69f4785a31b855fc28682e5ab7fd778f621a9f.bin.sample

  • Size

    3.8MB

  • Sample

    220112-sdwlssche3

  • MD5

    2a356b6024179ed7b7153fb7d92c2b44

  • SHA1

    417799bfed158276d7fabe92fdaf8c53c642c77b

  • SHA256

    d7f237b31f1e2526d93a91534e69f4785a31b855fc28682e5ab7fd778f621a9f

  • SHA512

    9947bb69a7099993b6e4cdc50375515557c6402d247fc661212e7ae84b836f6fe9f226b5bef7140efab91d8eea8f7d329c79e9f627b24b087838668c054d74b8
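Before analysing a copy of this sample, confirm that the file you have is the one the report describes by recomputing all four digests in a single pass and comparing them with the values above. This is an added example, not part of the sandbox report; the byte strings used in the demonstration are constructed and are not the sample itself.

```python
"""Verify a local file against the digests listed in this report.

Added example, not part of the sandbox report. REPORT_DIGESTS is copied from
the General section above; the demonstration input in main() is constructed.
"""
import hashlib
import io

# Digests from the General section of this report (sample d7f237b3...).
REPORT_DIGESTS = {
    "md5": "2a356b6024179ed7b7153fb7d92c2b44",
    "sha1": "417799bfed158276d7fabe92fdaf8c53c642c77b",
    "sha256": "d7f237b31f1e2526d93a91534e69f4785a31b855fc28682e5ab7fd778f621a9f",
    "sha512": "9947bb69a7099993b6e4cdc50375515557c6402d247fc661212e7ae84b836f6f"
              "e9f226b5bef7140efab91d8eea8f7d329c79e9f627b24b087838668c054d74b8",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a binary stream in one pass.

    Reading in chunks keeps memory flat for large samples; every hasher is
    fed the same chunk so the file is only read once.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the demo and tests)."""
    return digest_stream(io.BytesIO(data))


def verify(actual, expected):
    """Compare computed digests with expected ones, case-insensitively.

    Returns {algorithm: bool}. Treat the file as the reported sample only if
    every algorithm agrees; a single mismatch means a different file (or a
    copy-paste error in the expected values).
    """
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verify_file(path, expected=REPORT_DIGESTS):
    """Hash the file at `path` and compare it with the report's digests."""
    with open(path, "rb") as fh:
        return verify(digest_stream(fh), expected)


if __name__ == "__main__":
    # Constructed input: this is not the sample, so every digest mismatches.
    result = verify(digest_bytes(b"constructed placeholder, not the sample"), REPORT_DIGESTS)
    for name, ok in result.items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}")
```

`verify_file("d7f237b3....bin.sample")` is the call to make on a real copy; all four entries of the returned dict must be True before the file is treated as this sample.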

Malware Config

Targets

    • Deletes Windows Defender definitions

      Uses the Windows Defender command-line utility MpCmdRun.exe (the standard invocation is MpCmdRun.exe -RemoveDefinitions -All) to delete all installed antivirus definitions, leaving the host without signature-based detection until definitions are re-downloaded.

    • Modifies Windows Defender real-time protection settings

      Real-time protection is typically turned off through Set-MpPreference -DisableRealtimeMonitoring or the equivalent registry policy, so newly written files are no longer scanned on access.

    • Modifies security service

      Changes the configuration of a security-related Windows service (commonly the Defender service WinDefend) so that it is stopped or cannot start.

    • Clears Windows event logs

      Clearing logs (for example with wevtutil cl) removes forensic evidence of the intrusion; the clear operation itself is recorded as Event ID 1102 in the Security log and 104 in the System log.

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies (typically via vssadmin delete shadows or wmic shadowcopy delete) so that encrypted files cannot be restored from local snapshots.

    • Modifies boot configuration data using bcdedit

      bcdedit changes by ransomware usually disable Windows recovery (recoveryenabled No, bootstatuspolicy ignoreallfailures) so that the system does not offer repair options after a failed boot.
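The behaviours above all surface as process command lines (Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing enabled). The following detection logic, an added example that is not part of the sandbox report, classifies command lines against each of the listed behaviours. The log lines are constructed for illustration and the regular expressions encode the well-known command forms; they are assumptions about how these behaviours look on a host, not data extracted from this sample.

```python
"""Flag process command lines matching the defence-evasion and
recovery-inhibition behaviours listed in this report.

Added example, not part of the sandbox report. SAMPLE_LOG is constructed;
the patterns are common command forms, not strings taken from the sample.
"""
import re

# (behaviour name, compiled pattern). Matching is case-insensitive and
# tolerant of optional .exe suffixes and extra arguments between tokens,
# since malware frequently re-cases or pads command lines to evade naive
# string matches.
RULES = [
    ("Deletes Windows Defender definitions",
     re.compile(r"mpcmdrun(?:\.exe)?\b.*-removedefinitions", re.I)),
    ("Modifies Windows Defender real-time protection",
     re.compile(r"set-mppreference\b.*-disablerealtimemonitoring\s*(?:\$true|1)", re.I)),
    ("Modifies security service",
     re.compile(r"\bsc(?:\.exe)?\s+(?:config|stop|delete)\s+(?:windefend|wdnissvc|sense)\b", re.I)),
    ("Clears Windows event logs",
     re.compile(r"wevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.I)),
    ("Deletes shadow copies",
     re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("Modifies boot configuration data",
     re.compile(r"bcdedit(?:\.exe)?\b.*(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
]


def classify(cmdline):
    """Return the names of every behaviour whose pattern matches cmdline."""
    return [name for name, pattern in RULES if pattern.search(cmdline)]


def scan(lines):
    """Return [(cmdline, [behaviours])] for lines that trigger at least one rule."""
    hits = []
    for line in lines:
        found = classify(line)
        if found:
            hits.append((line, found))
    return hits


# Constructed command lines (not from the report): one per behaviour plus a
# benign line that must not match.
SAMPLE_LOG = [
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All',
    r'powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true',
    r'sc.exe config WinDefend start= disabled',
    r'wevtutil.exe cl System',
    r'vssadmin.exe delete shadows /all /quiet',
    r'bcdedit.exe /set {default} recoveryenabled No',
    r'notepad.exe C:\Users\user\Desktop\readme.txt',
]


if __name__ == "__main__":
    for cmdline, behaviours in scan(SAMPLE_LOG):
        print(f"{', '.join(behaviours)}: {cmdline}")
```

Seeing several of these behaviours from one process tree within a short window is a far stronger signal than any single match; legitimate administration occasionally clears a log or deletes a shadow copy, but not all six in sequence.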

MITRE ATT&CK Enterprise v6

Tasks