228f0320b0a741d86dca0915a580c9c793e0e4f8f83139edfaf81ee900f4af38 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b78e36ce5fee3exeexeexeex.exe
Size

315KB
Sample

230709-jcg8cabb66
MD5

8b78e36ce5fee3a7afbfd2951b5d4e42
SHA1

9a9f217a02263cc6d662e0111d9f03872c55ce72
SHA256

228f0320b0a741d86dca0915a580c9c793e0e4f8f83139edfaf81ee900f4af38
SHA512

2a7d746763e22c5c8e56c89786c86cd92dad4b6247fb4fb319cab8a6b9553630388cea7ef31fee49aff0c2bc9b52bde82979108239f1eb88a305c2981f71de0a
SSDEEP

6144:Si+4B/StcWOkySsU7HjPD/NzNfFdE9WWbP94YQtHKnvCI1F7q:KI/NJMb3dfazKV

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  8b78e36ce5fee3exeexeexeex.exe
- Size
  
  315KB
- MD5
  
  8b78e36ce5fee3a7afbfd2951b5d4e42
- SHA1
  
  9a9f217a02263cc6d662e0111d9f03872c55ce72
- SHA256
  
  228f0320b0a741d86dca0915a580c9c793e0e4f8f83139edfaf81ee900f4af38
- SHA512
  
  2a7d746763e22c5c8e56c89786c86cd92dad4b6247fb4fb319cab8a6b9553630388cea7ef31fee49aff0c2bc9b52bde82979108239f1eb88a305c2981f71de0a
- SSDEEP
  
  6144:Si+4B/StcWOkySsU7HjPD/NzNfFdE9WWbP94YQtHKnvCI1F7q:KI/NJMb3dfazKV
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistenceransomwarespywarestealertrojan