General

  • Target

    load.ps1.zip

  • Size

    551KB

  • Sample

    220729-24xq8aeefn

  • MD5

    981a4cad11c8ee9e6b5828e83fb9f411

  • SHA1

    8e086dc9fd83228ef98f94a70106ab489d9ab9fe

  • SHA256

    10478c55127b6b0f2c08d11cbbd1cdd0704532b4e9b76d8029868fbd389e11b7

  • SHA512

    f024213feabd3f32a1695f9a3f8dd6abbb6a64c80c4f2978a3134b3f3327034bdd7321ae5e10dc13d781e55ebc475e804027be60517987993db5cd91dccda1f8

  • Score

    10/10

Malware Config

Targets

    • Target

      load.ps1

    • Size

      1.4MB

    • MD5

      09a05a2212bd2c0fe0e2881401fbff17

    • SHA1

      fbb6f8dae1753cd2a282ee161bc5496486cc06f7

    • SHA256

      b41a303a4caa71fa260dd601a796033d8bfebcaa6bd9dfd7ad956fac5229a735

    • SHA512

      8d0dd3a7d6adaa690a3f7625a573b8c50cfa9d40fa17836b7e8ab8a10bfe67f4eaf0720cedda0c1d2986e7e70770a097ad8af2a9e24ccd595514a0384cbc275f

    • Score

      10/10

    • SunCrypt Ransomware

      Family which threatens to leak data alongside encrypting files. Has claimed to be collaborating with the Maze ransomware group.

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry

    T1012 (1)

  • Peripheral Device Discovery

    T1120 (1)

  • System Information Discovery

    T1082 (1)

Tasks