Overview

overview

8

Static

static

texi64.dll

windows7_x64

8

texi64.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    texi64.bin.zip

  • Size

    158KB

  • Sample

    220506-sg6aeaaae5

  • MD5

    e2b253a754429df3aba20e6392f083e9

  • SHA1

    b96339861a8784336b812131395307b314fdb0b1

  • SHA256

    99a14d455baa06e9f30d34d73509ce6bdadeb66cc96b94cfd3f06ff80d07300d

  • SHA512

    996162a2e949bb93e70383731614193631e762da5af4bda9eb7e6dfe65a97b34f293ce145a3b451d3fbc5240982fd7d755a8fce240901498f4a9a95a6bb55d6a

Score
8/10
persistenceransomware

Malware Config

Targets

    • Target

      texi64.bin

    • Size

      280KB

    • MD5

      f2b8daf9be5866844bb5f1a860d4433f

    • SHA1

      6097602f35245926bdcbffcd86ef6f67b2af7bd8

    • SHA256

      e4756dc21114c9de523af307992382dfd0fc0cf7ccf19d5351998c498561ca20

    • SHA512

      b26d90b64bea4b7177d83498efb58d42902e4cc76e9386fd6be6040a5b17d28ed1093b769a4728cfa1e0fdb756c8238a1b8914379b161bf8d6b1f51324a4b73a

    Score
    8/10
    ransomwarepersistence

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks