General
-
Target
EliStarA.exe
-
Size
1.7MB
-
Sample
230220-3tfwdsda52
-
MD5
6b8dcb09a6f8e836b5dcc600d11c6223
-
SHA1
b0a1582b9e9871064afae5cb6b1d369599506763
-
SHA256
11aaa12e58f39f192b4f66e56cd0e343d73b69a48dc77a6dfb936483de120152
-
SHA512
feb8bd04778b29efc9b0128dbfd9562368eb825a560dc610abed6a73de1dc7bd33e5e198b439b36828d0a66d4657e354d4a65646141ad3425bed6fd74cb7fcae
-
SSDEEP
49152:lJCDpfmhr2qIhBCwb8lIgwylCJHXv5y7lE8X:6HB/b8KgZA5E
Malware Config
Targets
-
-
Target
EliStarA.exe
-
Size
1.7MB
-
MD5
6b8dcb09a6f8e836b5dcc600d11c6223
-
SHA1
b0a1582b9e9871064afae5cb6b1d369599506763
-
SHA256
11aaa12e58f39f192b4f66e56cd0e343d73b69a48dc77a6dfb936483de120152
-
SHA512
feb8bd04778b29efc9b0128dbfd9562368eb825a560dc610abed6a73de1dc7bd33e5e198b439b36828d0a66d4657e354d4a65646141ad3425bed6fd74cb7fcae
-
SSDEEP
49152:lJCDpfmhr2qIhBCwb8lIgwylCJHXv5y7lE8X:6HB/b8KgZA5E
Score10/10-
DMA Locker
Ransomware family with some advanced features, like encryption of unmapped network shares.
-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies system executable filetype association
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Adds policy Run key to start application
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Drops startup file
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-