General

  • Target

    37924698d48454exeexeexeex.exe

  • Size

    843KB

  • Sample

    230706-s3qf3sdg6v

  • MD5

    37924698d48454df2b486429f3f75c8c

  • SHA1

    04a99995340a925fc814198801ef98dc7cb2290c

  • SHA256

    3c049a4ab2751f51e99c90ccf937d7852e6914459252ffb85757fa02bc8bceb4

  • SHA512

    2d80843a089f58353d1bcdaf7e7ee1136672ca0bdaaa8f592718e701bc2d77c7c259a57aba0f6ea4478e9a74999bed4638bdfb94800a59db26094ad053db0747

  • SSDEEP

    24576:wtE2HD/tvy3I+0h5AeM5vNhAhEzEfoBefYrhMTEUrVUo59:wtE29y3CtMhAhEW3EKUoP

Malware Config

Targets

    • Target

      37924698d48454exeexeexeex.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Technique (ID): count

Persistence

  • Hidden Files and Directories (T1158): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Privilege Escalation

  • Bypass User Account Control (T1088): 1

Defense Evasion

  • Hidden Files and Directories (T1158): 1

  • Modify Registry (T1112): 4

  • Bypass User Account Control (T1088): 1

  • Disabling Security Tools (T1089): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1
