Overview

overview

10

Static

static

1

channels4_profile.jpg

windows10-1703-x64

channels4_profile.jpg

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    channels4_profile.jpg

  • Size

    166KB

  • Sample

    230920-p9jekagd6s

  • MD5

    6ff83d9e01d5432818d881d3f9f1592b

  • SHA1

    30e9b0308bbfb5c63f052afb1d80506e5a72658b

  • SHA256

    0d5d3ea540339404718d26daec45f8d9c8657d057c84392fea968a17ac103b66

  • SHA512

    a66f6003adca841d99f1762d44003153b039006a87256101132e768e49add16d019e637fe98e9fdcad23e5f2fc4ee98f7996696f00467eb5b35595ef6cbf235b

  • SSDEEP

    3072:3KoJurQzXQ5V0XFogA3unvet68FQW4wRpUpLT9JwSYWcM2JnrpibgyIxHoSHU/7n:FDsLGe3QopYYSYf3pibgySP8qY

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      channels4_profile.jpg

    • Size

      166KB

    • MD5

      6ff83d9e01d5432818d881d3f9f1592b

    • SHA1

      30e9b0308bbfb5c63f052afb1d80506e5a72658b

    • SHA256

      0d5d3ea540339404718d26daec45f8d9c8657d057c84392fea968a17ac103b66

    • SHA512

      a66f6003adca841d99f1762d44003153b039006a87256101132e768e49add16d019e637fe98e9fdcad23e5f2fc4ee98f7996696f00467eb5b35595ef6cbf235b

    • SSDEEP

      3072:3KoJurQzXQ5V0XFogA3unvet68FQW4wRpUpLT9JwSYWcM2JnrpibgyIxHoSHU/7n:FDsLGe3QopYYSYf3pibgySP8qY

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks