Resubmissions

12-01-2022 19:26    220112-x5zvradgek    10

12-01-2022 17:00    220112-vh7kzaddek    10

General

  • Target

    16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1.7z

  • Size

    874KB

  • Sample

    220112-vh7kzaddek

  • MD5

    45de841542f53d40ee6da66e0af6b227

  • SHA1

    540eb9995a9ba40823a2e249f4eb515e901538f9

  • SHA256

    d435a055b77b9cfa3281fe7219bb5b276cc685ba2f306c33a6cfe180ab232434

  • SHA512

    9c7a0d94cb0741bc739a571056006680de06366b44419a1666e417a62593798589472c43cf6355f7ce235878c73e0e06b61393934870182e05da575f9e50a512

Malware Config

Targets

    • Target

      16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1

    • Size

      2.7MB

    • MD5

      8486072a80d4cef5b18407ffa74a965d

    • SHA1

      b3bbdd7d990092b8545c04bf6cea5572c1d1cb4c

    • SHA256

      16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1

    • SHA512

      dea0bc47c7b3b178e128d2349ede55d7c13cd5884ce49a178668b9e0a527f2f415eef432a5523c8c129436e37d8a7f424ce0dbebf95b89e22a9d7a1c15c083e5

    • Deletes Windows Defender Definitions

      Uses the MpCmdRun utility to delete all AV definitions.

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • Clears Windows event logs

    • Deletes shadow copies

      Ransomware commonly deletes shadow copies and other backups to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.
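
The behaviour signatures listed above map directly onto host telemetry a defender can match on. The following is an added example, not part of the sandbox report and not the sample's recorded activity: it runs a small rule set over constructed process-creation and file-read events and reports which of the report's signature categories each event would trigger. The command lines and the browser path are representative invocations of the tools named above (MpCmdRun, Set-MpPreference, sc, wevtutil, vssadmin, bcdedit), chosen by the editor to illustrate the categories; they are assumptions, not evidence from this analysis.

```python
import re

# Constructed telemetry in the shape an EDR or Sysmon pipeline emits:
# process-creation events carry a command line, file events carry a path.
# These are representative invocations for the behaviour categories in the
# report, not the commands the sandbox actually recorded for this sample.
EVENTS = [
    {"type": "process", "cmdline": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All'},
    {"type": "process", "cmdline": r'powershell.exe -nop -c "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"type": "process", "cmdline": r"sc config WinDefend start= disabled"},
    {"type": "process", "cmdline": r"wevtutil.exe cl Security"},
    {"type": "process", "cmdline": r"vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "cmdline": r"bcdedit.exe /set {default} recoveryenabled no"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "process", "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},  # benign control event
]

# One rule per signature named in the report: (event type it applies to, regex).
# Windows tooling accepts any casing, so every pattern is matched case-insensitively.
RULES = {
    "Deletes Windows Defender Definitions": (
        "process", r"\bmpcmdrun(\.exe)?\b.*-removedefinitions\b"),
    "Modifies Windows Defender Real-time Protection settings": (
        "process", r"set-mppreference\b.*\s-disablerealtimemonitoring\b|windows defender\\real-time protection"),
    "Modifies security service": (
        "process", r"\b(sc|net)(\.exe)?\s+(config|stop|delete)\s+windefend\b"),
    "Clears Windows event logs": (
        "process", r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b"),
    "Deletes shadow copies": (
        "process", r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
    "Modifies boot configuration data using bcdedit": (
        "process", r"\bbcdedit(\.exe)?\s+/set\b.*(recoveryenabled|bootstatuspolicy)"),
    "Reads user/profile data of web browsers": (
        "file", r"\\(google\\chrome|microsoft\\edge|mozilla\\firefox)\\.*\\(login data|web data|cookies|logins\.json|key4\.db)$"),
}

COMPILED = {name: (etype, re.compile(pat, re.I)) for name, (etype, pat) in RULES.items()}


def detect(events):
    """Return {signature name: [matching command line or path, ...]} for every rule that fired.

    Process rules are only evaluated against process events and the browser rule only
    against file events, so a file path that happens to contain 'mpcmdrun' does not
    trigger the definitions rule.
    """
    hits = {}
    for ev in events:
        field = "cmdline" if ev["type"] == "process" else "path"
        text = ev.get(field, "")
        for name, (etype, rx) in COMPILED.items():
            if ev["type"] == etype and rx.search(text):
                hits.setdefault(name, []).append(text)
    return hits


if __name__ == "__main__":
    for name, evidence in detect(EVENTS).items():
        print(f"[{name}]")
        for line in evidence:
            print(f"    {line}")
```

Each rule is deliberately narrow (tool name plus the specific argument that makes the invocation hostile) so that routine administration such as `vssadmin list shadows` or `bcdedit /enum` does not fire; a production rule set would additionally key on parent process and user context, which the sandbox signatures above do not expose.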

MITRE ATT&CK Enterprise v6

Tasks