General

  • Target

    Securaforge.exe

  • Size

    11.0MB

  • Sample

    231105-tbclksac66

  • MD5

    9c0b72024920bcb30b933632ce394f3e

  • SHA1

    9e1438757e1d8e60b9580d2af0359c42ff27ba9e

  • SHA256

    21332615c6be6f5a184c5b74d928b97be94792fc1344fd56e08e8ca0401ae534

  • SHA512

    aca0895ba2db5f6f53afb2db4bfbd07214c04035f21888f51a51d6306473073fae2b979b614437609292943b8ba288ae21d2e51a01c5506f67977e57e240e5ba

  • SSDEEP

    196608:vEh7dSiIE7SRporZVExDwGcsAgectcGfcY3gtywIf7E5MsFakwQHM+:MaiIE7YodVExk3meWcGfdlYM/kB7

Malware Config

Targets

    • Target

      Securaforge.exe

    • Jigsaw Ransomware

      Ransomware family first created in 2016, named after the wallpaper it set after infection in its early versions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Securaforge.pyc

    • Size

      4.0MB

    • MD5

      23c99573ca272ebe5b65156f40333f4b

    • SHA1

      f477181146481817fcf00b0ed3c1a30b5bb21638

    • SHA256

      23a71768411dc01097018a330549a18e7cfe25210e68040e5bfa3e872b6c1a16

    • SHA512

      56887fbe23f3ce4d9eeedd1bae046c856548566de343f93ef83d8f0dca253cde23b9d055fcea6df0bc47cafbd3f40ef1f72cb1c05af21b23f4a6b53c5dda3364

    • SSDEEP

      24576:ayiiLHBvpNnLPcPRLGg4YPzGyCaXmDLT01/QOIgPgPIhUTRD40d/l/rzBik0uaTv:IiLHBvPPiRG1Xo1tIgP040dnikCp9

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks