744ed50836579d0adac6df4943e921aa07e4637ab703bfcc1fabefbcf4957894

Resubmissions

25-05-2023 14:44

230525-r3514aag52 10

25-05-2023 14:42

230525-r27tasag47 8

25-05-2023 14:33

230525-rw2p4abd4t 10

Sharing

Copy URL

Twitter E-mail

General

Target

Vewy dangerwous.bat
Size

1KB
Sample

230525-rw2p4abd4t
MD5

8280240db4a4cc8555599df4f6416667
SHA1

de4dd7d5e72af49039fae5b2457a8666a40054db
SHA256

744ed50836579d0adac6df4943e921aa07e4637ab703bfcc1fabefbcf4957894
SHA512

a709308d1a165e93d5275e220cd8a9cb07263021bfcee2ef9d2f70d9e813991916c1a7e7e83b0a9c1ff45f00ec0e8b3a1dbc7f4a8af5ff14fc05e68a2b87c603

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://malicious-url.com/malware.ps1

Targets

- Target
  
  Vewy dangerwous.bat
- Size
  
  1KB
- MD5
  
  8280240db4a4cc8555599df4f6416667
- SHA1
  
  de4dd7d5e72af49039fae5b2457a8666a40054db
- SHA256
  
  744ed50836579d0adac6df4943e921aa07e4637ab703bfcc1fabefbcf4957894
- SHA512
  
  a709308d1a165e93d5275e220cd8a9cb07263021bfcee2ef9d2f70d9e813991916c1a7e7e83b0a9c1ff45f00ec0e8b3a1dbc7f4a8af5ff14fc05e68a2b87c603
Score

10^/10

evasion ransomware trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

UAC bypass

Blocklisted process makes network request

Modifies Windows Firewall

Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2