General

  • Target

    Sus from DC1.7z

  • Size

    2.2MB

  • Sample

    230112-2jlhfsbe76

  • MD5

    23d173a46e32cbafcce943108f6ce5f2

  • SHA1

    0d764bf3eb47f4b3e597b0f6d6e28e504d018c63

  • SHA256

    b9089e998c8b58b04f40aafd9957a68d7c3efa42d0a8137db037abeab6b7e117

  • SHA512

    9424d22b1829286458d6564903d462bb0f75a055046a5a4bdfe0d97a54ac69340b07806de7fb7a3e12a49ff0f6c7091586a143c89559ad4b967b62ece38881ff

  • SSDEEP

    49152:VbMC1ytbsTs6x9y/RU5r1h/quzpWvJZshwaqL3sGmYQ+jZAR5DhhFt27jSGic:J1ytbws6jhTpEQhwaqL3B+5dhFtQ3ic

Targets

    • Target

      run.bat

    • Size

      714B

    • MD5

      090f5292edb66547a84094521f168cf9

    • SHA1

      3b6b4a4dbfb8642b43624a48a06965dc07c4544f

    • SHA256

      50ac2f51e0bd5a497332633e6705fb206dbcd58523fb9e5d8ed5163e3a76b134

    • SHA512

      14d030744039d646401db5c5e49b2b80218ce05bb07f744b6926751f6d652ee7f809375c37c183f34be2535f6b5c5e5cd3aee8877ea7d130c73e11269b77e427

    Score
    9/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Target

      update.exe

    • Size

      7.0MB

    • MD5

      c5b1c30bff7a31a3b7fcf62c5f12dc00

    • SHA1

      ce94fb5f107aaa7bfab80047819b42aa141aef28

    • SHA256

      db2330469c68f6faa102c2c9d5c57ffaa59006a666f75574488b94b6b03cc4a8

    • SHA512

      2b79987ae13f30eb70a6c159e99c53eecbfddd370f214e44d7194d86721d1d1a1535333b9de11d8fb68917281efee21fed7002e873c2b2ce85e8153dfb208cac

    • SSDEEP

      98304:VVgNIFqtjf5iUbmuRL3zfMEDTPbRKTQ3I6AhgIJ3hb:/gNEqtjf5Jb9RUEHbRKTQY6AhgS3hb

    Score
    1/10
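
The two behaviours the sandbox flagged for run.bat (shadow-copy deletion and boot-configuration changes via bcdedit) are the classic recovery-inhibition pair seen before ransomware encryption, and they are cheap to detect from process-creation telemetry. The script below is an added example, not part of this report or of the sample itself: it runs a few regex rules over constructed process-creation events (Sysmon Event ID 1 / Security 4688 style). The report does not show which exact command lines run.bat executed, so the sample command lines are assumptions chosen to mirror the common variants (vssadmin, wmic, WMI via PowerShell, and bcdedit /set with recoveryenabled / bootstatuspolicy).

```python
import re

# Constructed process-creation events (NOT taken from the sandbox report).
# The command lines are assumed typical variants of the flagged behaviours.
SAMPLE_EVENTS = [
    {"pid": 1001, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Users\user\Desktop\run.bat"'},
    {"pid": 1002, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 1003, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe shadowcopy delete"},
    {"pid": 1004, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 1005, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit.exe /set {default} recoveryenabled no"},
    # Benign look-alikes: read-only use of the same binaries must not fire.
    {"pid": 1006, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit.exe /enum"},
    {"pid": 1007, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},
    {"pid": 1008, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"'},
]

# (tag, pattern) pairs. Each tag corresponds to one sandbox signature:
#   shadow_copy_deletion -> "Deletes shadow copies"
#   boot_config_tamper   -> "Modifies boot configuration data using bcdedit"
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.IGNORECASE)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.IGNORECASE)),
    ("shadow_copy_deletion",
     re.compile(r"Win32_ShadowCopy.*(Delete\(\)|Remove-WmiObject|Remove-CimInstance)",
                re.IGNORECASE)),
    # Only the two settings that disable automatic repair / recovery, not any
    # bcdedit invocation, so that /enum and similar read-only use stay quiet.
    ("boot_config_tamper",
     re.compile(r"\bbcdedit(\.exe)?\b.*/set\b.*\b(recoveryenabled\s+no|"
                r"bootstatuspolicy\s+ignoreallfailures)\b", re.IGNORECASE)),
]


def classify(cmdline):
    """Return the sorted, de-duplicated behaviour tags matched by one command line."""
    return sorted({tag for tag, pattern in RULES if pattern.search(cmdline)})


def scan(events):
    """Run the rules over process-creation events and return only the hits."""
    hits = []
    for event in events:
        tags = classify(event["cmdline"])
        if tags:
            hits.append({"pid": event["pid"], "image": event["image"],
                         "tags": tags, "cmdline": event["cmdline"]})
    return hits


def summarize(events):
    """Count hits per behaviour tag; useful as a triage score for a host or sandbox run."""
    counts = {}
    for hit in scan(events):
        for tag in hit["tags"]:
            counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"pid={hit['pid']} tags={','.join(hit['tags'])} :: {hit['cmdline']}")
    print(summarize(SAMPLE_EVENTS))
```

Running it flags pids 1002, 1003, 1004, 1005 and 1008 and leaves the read-only `bcdedit /enum` and `vssadmin list shadows` alone. In production, correlate the hit with the parent process (here the parent would be the cmd.exe running run.bat): backup agents legitimately delete shadow copies, but a batch file spawned from a user's desktop that deletes all of them and then disables Windows recovery is worth the 9/10 the sandbox gave it.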
