Resubmissions

20-10-2023 15:14

231020-smnybaec37 9

20-10-2023 14:55

231020-satb9sce61 9

20-10-2023 14:50

231020-r7rz2aeb56 7

General

  • Target: doenerium-main (1).zip
  • Size: 4.1MB
  • Sample: 231020-smnybaec37
  • MD5: 9488a08739c47293959e3da3703dd637
  • SHA1: 5dbf6d146fa3ec213dd18842a85eca6e3a9fb1eb
  • SHA256: 363110d3ff2611c9011f3f537f5887234d60f5f6090be45771f47a075f63b66f
  • SHA512: 9091c462b25a30372c5fbdcab21bd682ad7e2b20485e0377cea58e33ff0beaf6a00b91567c88e3be5a1936529cd7dbf529744642d6c743b6a7d45bcb45ff868d
  • SSDEEP: 98304:ROKO1/UDI4y5JYi/LzQnj7sSzym5So54Bz1KR6synlDZ5RZ/hCRfKV7b:ROKM/Uu5CMgxzym5nKB55xvZ5CR6

Malware Config

Targets

    • Renames multiple (1228) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks