evilquest | 843b8434ab69089970530b0d1a9865a89d25aed88bc98d91845bfe41a6dfc31b | Triage

Submit
Reports

Overview

overview

Static

static

cb408d4576...49.elf

windows10-2004-x64

Sharing

General

Target

cb408d45762a628872fa782109e8fcfc3a5bf456074b007de21e9331bb3c5849.zip
Size

68KB
Sample

230606-xeszhsff4v
MD5

d6288280f7f662ae69e6e83a8f008a43
SHA1

fe3901bd8c8c7382ff7f1fed64be430fec4ce1d1
SHA256

843b8434ab69089970530b0d1a9865a89d25aed88bc98d91845bfe41a6dfc31b
SHA512

463318df043703bc7f9fe9db2df186bbb2df1f54598e0c86639e94931ba057ba73bd9b0eb4351f2982eb0945e04c10c99e52faa3e2baede21db8960818e4631f
SSDEEP

1536:8F6jYsSy3t3HwYLvsbqnsnuVRNQcMpEGClTMBs8aRb+BW:GYt3RvsunqsQYlOa1+U

Score

10^/10

evilquest ransomexx_lin backdoor ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cb408d45762a628872fa782109e8fcfc3a5bf456074b007de21e9331bb3c5849.elf

Resource

win10v2004-20230220-en

evilquest ransomexx_lin backdoor ransomware

windows10-2004-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  cb408d45762a628872fa782109e8fcfc3a5bf456074b007de21e9331bb3c5849.elf
- Size
  
  207KB
- MD5
  
  aa1ddf0c8312349be614ff43e80a262f
- SHA1
  
  91ad089f5259845141dfb10145271553aa711a2b
- SHA256
  
  cb408d45762a628872fa782109e8fcfc3a5bf456074b007de21e9331bb3c5849
- SHA512
  
  577c809ade4639b8710a05e004c2ee885b04d723877d82db64c79673d12ef4cbe8890c006a07d82bcc0fd6a7f4bb881702842b7847e6b0ecad656c30e065fc6d
- SSDEEP
  
  3072:S99WWZz+oOmR2TmR23dtfSWOvuQVPpkv/q2JYWeOn2Fow1+w71gBBHCNswAIk5zz:CA2R2th/qVo06
Score

10^/10

evilquest ransomexx_lin backdoor ransomware
- Detected Linux variant of RansomEXX
- EvilQuest
  EvilQuest family.
  backdoor evilquest
- EvilQuest payload
- RansomEXX Ransomware
  Targeted ransomware which initially affected Windows systems, but released a Linux variant in November 2020.
  ransomware ransomexx_lin
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evilquestransomexx_linbackdoorransomware

© 2018-2024

Terms | Privacy