Overview

overview

9

Static

static

Compenso.P...__.exe

windows7-x64

9

Compenso.P...__.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee3dd72575bb337d1d151eb704bf27c2440d01293f87cdaf0a4bed2f91e722d2

  • Size

    281KB

  • Sample

    221126-fda9msfh9z

  • MD5

    e1b8c016fa86959df4f74450f081b829

  • SHA1

    459bf5b91f70ece5837c5f04eb2a95a46e47b2f1

  • SHA256

    ee3dd72575bb337d1d151eb704bf27c2440d01293f87cdaf0a4bed2f91e722d2

  • SHA512

    f070ff504a4831f641820064227e6f8813b72fabbed5cbcc7d55ec6bfbcb08730d6b91cf37a3ca7d15a649538c1827a57b7959698d183bfec3088471b697207a

  • SSDEEP

    6144:qDTCdxxJ+71AW1WGfISP8uqNPuaPAPibFD1sFNC106qN+J:qDwxxOOg8RaNFNDOJ

Score
9/10
collectionevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Compenso.Pdf______________________________________________________________.exe

    • Size

      446KB

    • MD5

      11ff8a8e9a643deff1dcf58e7e2fdf20

    • SHA1

      40b1d84b341bae23dc5cfa8dd1c44cf96294cd54

    • SHA256

      62d0ce15d2dc5825d4bf46690bc296547387f6b74304ba6a6fedbebba440a490

    • SHA512

      29499106387047744693da395da8aeb695933579f7b1f5dd23613059591215ca60be4021286c04cacf5c02e5726ab28fe2ed15b0a9b6c12571b88532eec156f1

    • SSDEEP

      12288:/uPIb4kzPgkrw1k2Fr8+o/tH18wtuomhUqlDykX:SItUkrQ5Fr6/n82yblmg

    Score
    9/10
    collectionevasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks