bbad11dfe76b92735648bce03bc5e163e235120d1114391be78665f8c2f14c94 | Triage

Submit
Reports

Overview

overview

9

Static

static

new bomani.exe

windows7_x64

9

new bomani.exe

windows10-2004_x64

9

Resubmissions

30-03-2022 09:01

220330-ky7kssbab7 9

Sharing

General

Target

new bomani.exe
Size

78KB
Sample

220330-ky7kssbab7
MD5

1a75e7dd18a7186ca44fcf27eb94c4aa
SHA1

049917bb6e78a990f753119e36015c540d51d28f
SHA256

bbad11dfe76b92735648bce03bc5e163e235120d1114391be78665f8c2f14c94
SHA512

8fc7ec6637279dab404cba57c913bfa095de487b2217e7aab9d8653644649e5a2c50882f9ee825f4b0403b45257114d6e6e65e6f2f2e947aa7e00b762ebaa258

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

new bomani.exe

Resource

win7-20220311-en

persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

new bomani.exe

Resource

win10v2004-en-20220113

persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  new bomani.exe
- Size
  
  78KB
- MD5
  
  1a75e7dd18a7186ca44fcf27eb94c4aa
- SHA1
  
  049917bb6e78a990f753119e36015c540d51d28f
- SHA256
  
  bbad11dfe76b92735648bce03bc5e163e235120d1114391be78665f8c2f14c94
- SHA512
  
  8fc7ec6637279dab404cba57c913bfa095de487b2217e7aab9d8653644649e5a2c50882f9ee825f4b0403b45257114d6e6e65e6f2f2e947aa7e00b762ebaa258
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware

© 2018-2024

Terms | Privacy