f8a5ffdc8bdb7590517a0418b6468dc1e0ee58a8573d87d8ab9c0aef71b598cc | Triage

Submit
Reports

Overview

overview

Static

static

KILLER.vbs

windows7-x64

KILLER.vbs

windows10-2004-x64

Sharing

General

Target

KILLER.vbs
Size

47KB
Sample

221102-pj2s8abge4
MD5

a0c297bdf8292acd6722a3ea07611083
SHA1

b2eb77063193f1566fe8898086b2c6f286c52d4b
SHA256

f8a5ffdc8bdb7590517a0418b6468dc1e0ee58a8573d87d8ab9c0aef71b598cc
SHA512

9ffd27e9acf261f7f8aeb3a98a89257e4cb5c8dc78aca7d64762f1d895230fc1248c7b1333816fa7ca823eb4c8c9d4b01c2a1db71f66a792837d155557c45900
SSDEEP

384:m71TIEgivcqpCghtpCAhDnVLri57VurlgRL1xCLI05ej+1DPpUo/i/vFCbWZkraw:m7cGV95hIG1/d49gsCDs8

Score

10^/10

discovery evasion exploit persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

KILLER.vbs

Resource

win7-20220812-en

discovery evasion exploit persistence ransomware trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

KILLER.vbs

Resource

win10v2004-20220901-en

discovery evasion exploit persistence ransomware trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  KILLER.vbs
- Size
  
  47KB
- MD5
  
  a0c297bdf8292acd6722a3ea07611083
- SHA1
  
  b2eb77063193f1566fe8898086b2c6f286c52d4b
- SHA256
  
  f8a5ffdc8bdb7590517a0418b6468dc1e0ee58a8573d87d8ab9c0aef71b598cc
- SHA512
  
  9ffd27e9acf261f7f8aeb3a98a89257e4cb5c8dc78aca7d64762f1d895230fc1248c7b1333816fa7ca823eb4c8c9d4b01c2a1db71f66a792837d155557c45900
- SSDEEP
  
  384:m71TIEgivcqpCghtpCAhDnVLri57VurlgRL1xCLI05ej+1DPpUo/i/vFCbWZkraw:m7cGV95hIG1/d49gsCDs8
Score

10^/10

discovery evasion exploit persistence ransomware trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Disables cmd.exe use via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

File Permissions Modification

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionexploitpersistenceransomwaretrojan

behavioral2

discoveryevasionexploitpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy