9e810b47765a320641c66c2628fce44f824345fb882f62c7e3077851feb703f8 | Triage

Submit
Reports

Overview

overview

Static

static

[email protected]

windows10-2004_x64

Sharing

General

Target

[email protected]
Size

2.5MB
Sample

220423-gv9dfaehan
MD5

3fe372e36a4a3ec87f12e0e65fce255b
SHA1

ca2747693ced1e4436082a96daab2cdd945459c3
SHA256

9e810b47765a320641c66c2628fce44f824345fb882f62c7e3077851feb703f8
SHA512

2a29e68922d5984376964337d9ae4939e760ecb2862ae8301d99c6fafed3b4369788c2ffebc781aa56067f7131e4f66a04b0ec3e1743779d8d3a7d50cb9598ef

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

[email protected]

Resource

win10v2004-20220414-es

evasion persistence ransomware spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  3.0MB
- MD5
  
  149cc2ec1900cb778afb50d8026eadf5
- SHA1
  
  a7bc1bbc7bdc970757ec369ef0b51dc53989f131
- SHA256
  
  817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
- SHA512
  
  d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

© 2018-2024

Terms | Privacy