Overview

overview

10

Static

static

cab6cf122d...68.exe

windows7_x64

10

cab6cf122d...68.exe

windows10_x64

10

Resubmissions

13-01-2022 14:14

220113-rj8ymsagb4 10

13-01-2022 11:04

220113-m6crhahfgj 10

13-01-2022 10:58

220113-m3a4hahef9 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cab6cf122d0b7129f5083dd0f494bb2f0ecae8c02cf544111e1fc51e13a9fb68

  • Size

    2.5MB

  • Sample

    220113-m3a4hahef9

  • MD5

    8fdfa1997b566f6e086c29e33935dcc5

  • SHA1

    178fbe1c8fc1a6e3440215d668797699f94a4bef

  • SHA256

    cab6cf122d0b7129f5083dd0f494bb2f0ecae8c02cf544111e1fc51e13a9fb68

  • SHA512

    b185d1080c62f59ff26592321bf2a5cb85556260f34f59726cc9d5aeed1f82a48c710e8decd1212ddc2e4ca371ba83ad3aca6bf34587ddc73cc9c90afec467d5

Score
10/10
evasionransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      cab6cf122d0b7129f5083dd0f494bb2f0ecae8c02cf544111e1fc51e13a9fb68

    • Size

      2.5MB

    • MD5

      8fdfa1997b566f6e086c29e33935dcc5

    • SHA1

      178fbe1c8fc1a6e3440215d668797699f94a4bef

    • SHA256

      cab6cf122d0b7129f5083dd0f494bb2f0ecae8c02cf544111e1fc51e13a9fb68

    • SHA512

      b185d1080c62f59ff26592321bf2a5cb85556260f34f59726cc9d5aeed1f82a48c710e8decd1212ddc2e4ca371ba83ad3aca6bf34587ddc73cc9c90afec467d5

    Score
    10/10
    evasionransomwaretrojanspywarestealer

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Modifies security service

      evasion

    • Clears Windows event logs

      evasionransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks