Overview

overview

10

Static

static

PCShredder.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PCShredder.exe

  • Size

    14.7MB

  • Sample

    220706-fdyd6sagh9

  • MD5

    96cb05530c60082172543f1011fd9d48

  • SHA1

    3ab9dcd4b109432656b36afa1f8f264d43d43273

  • SHA256

    918567fd880fe414ae41ebca386cfafe8b114369ce8002fa2d9420b5495576c8

  • SHA512

    e6fd8493dee16e771dccc892cd0941cac676fbd2f23cd589350101df3d9c307dcbc3b7e66181f9cc83662da9a455ea5172392485e351754bc775743d90cb7c90

Score
10/10
persistenceransomware

Malware Config

Targets

    • Target

      PCShredder.exe

    • Size

      14.7MB

    • MD5

      96cb05530c60082172543f1011fd9d48

    • SHA1

      3ab9dcd4b109432656b36afa1f8f264d43d43273

    • SHA256

      918567fd880fe414ae41ebca386cfafe8b114369ce8002fa2d9420b5495576c8

    • SHA512

      e6fd8493dee16e771dccc892cd0941cac676fbd2f23cd589350101df3d9c307dcbc3b7e66181f9cc83662da9a455ea5172392485e351754bc775743d90cb7c90

    Score
    10/10
    persistenceransomware

    • Modifies system executable filetype association

      persistence

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Registers COM server for autorun

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

File Deletion

2
T1107

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks