Resubmissions

23/09/2022, 21:21

220923-z7a1hsbdam 10

23/09/2022, 21:14

220923-z3fp7sbchn 10

General

  • Target

    XiaoBa.zip

  • Size

    3.8MB

  • Sample

    220923-z3fp7sbchn

  • MD5

    d3f87e222b8c031978993167ced8c28e

  • SHA1

    1bfa55107f54699e6417a686a43518974f6e6272

  • SHA256

    b2759f034ca9baa743a9bcab422319c795cade5451a6446c2ad28fcc743bcbf5

  • SHA512

    38f0022d87c82f56422a97b9bdec6da78d3f4c1d075c6f1161ca55c5e3991d9df9dd8ea63db18c0a5030036c3e5644fe28acb6cf13bfbbe76dab5d0e61890329

  • SSDEEP

    98304:PhU+/J8DrwqX+MuvGMjkBXJzT/RARtsZGx7Tm:pF/J8/TfUyB1j+8um

Score
10/10

Targets

    • Target

      XiaoBa.exe

    • Size

      4.0MB

    • MD5

      627914078afb6e8601c91fc8552887bc

    • SHA1

      7e149639e304024e895b2ce7a35a1626abf084f2

    • SHA256

      b4ec9be8e93dd3f6f48db661592ad6a96ffde8827a7a30362eec06232d9b8da5

    • SHA512

      52dd6dcfc9d70c8d4fa47c589fc54d939277bcf2fc1989efb8830384b2bce2ebca4ad28c347e2339783f4c4d86edbade9c4a5d3487daa885310db5d7f61883b8

    • SSDEEP

      49152:o0C8/tCdsXPZzy5ljatKM4ct5BzvX0bkUF5SQ2CgAY2AMrwZP4rDGjM+osrJJ+X:XMs/ZWfJMp/dMbXbSHAnAMrwsGQ+NA

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
