Overview

overview

9

Static

static

Payment.Pd...__.exe

windows7-x64

9

Payment.Pd...__.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47b7bcf0b65885fe437801e861d3166700ba1f182c86fcd39767fe0d2adc1812

  • Size

    291KB

  • Sample

    221124-gsljlagc8y

  • MD5

    d4e6d50ab01a9b3762049dca22a02abf

  • SHA1

    ca3f10184c809c35fa4b32e144e0cbd11f20e436

  • SHA256

    47b7bcf0b65885fe437801e861d3166700ba1f182c86fcd39767fe0d2adc1812

  • SHA512

    40a0e3e3f24c19f0d4bc652c808b0d5b6ecf2dd53e7fdefba3871d7b45dc8ebd510cd853abe8b6bc3fc4acaf99fe80493d824d58bf6760659891197dba204ddb

  • SSDEEP

    6144:Qe8qRn5DaitOr8GpzIKr5dMfUgMRcNNye9tO2gOt4bQOB7AmLeP:Qe8qLDU8GpzIKr5dMye9t1tjO9ACeP

Score
9/10
collectionevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Payment.Pdf_____________________________________________________________.exe

    • Size

      465KB

    • MD5

      edf51b7c2507590d697e0899c0cadcb5

    • SHA1

      b59b8c306917ba92c48abba83992e09e9146336c

    • SHA256

      b3913d567ca228ac32cd35b5d6245393d2b2c1d1c40a60edc55ea7a521f96694

    • SHA512

      f584b7b81a0d2f154d3c7534c11cbbc8f4743f57eb69721eedd63ac840368fb0cfefffd02f1bc05639932187c1566c5da1f97c34938dbb5132aa97568e6adfac

    • SSDEEP

      6144:9AKLo20Yi4qqavLoz4cbcJZeCb8Zyf5RmJugB5ejkcWv:9Ls20YivgtQJZeK8ZI5RmsgB5eEv

    Score
    9/10
    collectionevasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks