Overview

overview

9

Static

static

1

URLScan

urlscan

1

https://o-cs.ru/load...

windows10-1703-x64

9

Resubmissions

17/05/2024, 09:51

240517-lvyzxsch36 8

23/10/2023, 14:02

231023-rb72dahb3t 8

06/10/2023, 16:49

231006-vbm8ragf53 10

05/10/2023, 17:42

231005-waeewsdc8x 7

05/10/2023, 15:47

231005-s8ab2scb7v 1

05/10/2023, 15:37

231005-s2p4xsca9y 10

30/09/2023, 16:10

230930-tmev3sdf8x 7

30/09/2023, 16:04

230930-tjcasafb36 1

28/09/2023, 10:37

230928-mn432aaf3w 9

26/09/2023, 11:52

230926-n17kcsha71 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://o-cs.ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162

  • Sample

    230928-mn432aaf3w

Score
9/10
discoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      https://o-cs.ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (109) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Downloads MZ/PE file

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks