Overview

overview

10

Static

static

3

984122dda1...ex.exe

windows7-x64

10

984122dda1...ex.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    984122dda1afe9exeexeexeex.exe

  • Size

    189KB

  • Sample

    230708-wy2kbshc67

  • MD5

    984122dda1afe9831c6e7d92ea010f72

  • SHA1

    d086c2e6d3fb5369d1301e976dc3fb43f9d50657

  • SHA256

    8a782e5ceee20592cb9fe54bb414e530550e39d2e6107382dd906a027e9ea2e1

  • SHA512

    3ffc025c81fac7dbe3c2d5f642782397f102980987ef62fc3d15d7004fa173291c1193dd9942886010cf23e7ed749b8b94afea7c748eef2a8ccd1208dbc0ef6b

  • SSDEEP

    3072:N4IhJLs7C1tc45hcR23qah+bKhmw8cYqGHJL2+SU8kiy+lhzv6afW4YF:S33Yhc83XhOKhmw8cYqwj65Vzh/YF

Score
10/10
evasionpersistenceransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      984122dda1afe9exeexeexeex.exe

    • Size

      189KB

    • MD5

      984122dda1afe9831c6e7d92ea010f72

    • SHA1

      d086c2e6d3fb5369d1301e976dc3fb43f9d50657

    • SHA256

      8a782e5ceee20592cb9fe54bb414e530550e39d2e6107382dd906a027e9ea2e1

    • SHA512

      3ffc025c81fac7dbe3c2d5f642782397f102980987ef62fc3d15d7004fa173291c1193dd9942886010cf23e7ed749b8b94afea7c748eef2a8ccd1208dbc0ef6b

    • SSDEEP

      3072:N4IhJLs7C1tc45hcR23qah+bKhmw8cYqGHJL2+SU8kiy+lhzv6afW4YF:S33Yhc83XhOKhmw8cYqwj65Vzh/YF

    Score
    10/10
    evasionpersistenceransomwarespywarestealertrojan

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks