General

  • Target

    d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981

  • Size

    460KB

  • Sample

    221128-f4savade2t

  • MD5

    ad1fbf4bd151e7d15210a1825d5f09e4

  • SHA1

    32f5e56271ad25af3c1ef94df6cf3db010508d8d

  • SHA256

    d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981

  • SHA512

    9dca92e995069ab65a4455d861b86d53203ab166a001eaeaa5764fcc0dea4400326bb4efa491f46931868779d0459c635b332d97c5f7642d800d93901b4fe524

  • SSDEEP

    6144:7sGoRJkv01CWcAQShgQeAqkQf9FUzt3VTVSEzVVp2oyGCCKNxOKsX9s5iXSyVG8/:pkUQVcA5f+fHqt3XSq1CbhsX9HhMnnu

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                              Count  ID
  Persistence           Hidden Files and Directories           1      T1158
  Persistence           Registry Run Keys / Startup Folder     1      T1060
  Privilege Escalation  Bypass User Account Control            1      T1088
  Defense Evasion       Hidden Files and Directories           1      T1158
  Defense Evasion       Modify Registry                        4      T1112
  Defense Evasion       Bypass User Account Control            1      T1088
  Defense Evasion       Disabling Security Tools               1      T1089
  Credential Access     Credentials in Files                   1      T1081
  Discovery             Query Registry                         1      T1012
  Discovery             System Information Discovery           2      T1082
  Collection            Data from Local System                 1      T1005