Overview

overview

9

Static

static

3

sample.exe

windows7-x64

9

sample.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6e251cdce45ef45f68fd79cb459d412a81b337820648244f58e0bcebbf020d7.bin.sample.gz

  • Size

    30.3MB

  • Sample

    231111-xlk79aba6s

  • MD5

    36f6aab9ea6038b493ca043a76a78584

  • SHA1

    65722b27e4fbab83e87e4ffb33513c29b9ebd41e

  • SHA256

    03c3be404b81c1cb0136b2be15817cdaded448a51b4a950b5a67891fc723fe2f

  • SHA512

    28623930226e84f88dcaf0a7f6017fe43448b20743e1caba1873ad096a8892c99342c23fcd32bf2a09dd362f6b0fd9d0305ec79fe23f51b102b5f104c5c389cb

  • SSDEEP

    786432:hqzePRuRAxyaRUBo6up59WwwdgBI9NLdmn7WUEl:hqyPRuRaRUBVMWhd5dmn7WLl

Score
9/10
evasionpyinstallerransomware

Malware Config

Targets

    • Target

      sample

    • Size

      30.3MB

    • MD5

      607af6916d6d43c2813f756d16f5c430

    • SHA1

      f8c17200e8da37cab2bfb29ce0794fb4c1d8e31e

    • SHA256

      c6e251cdce45ef45f68fd79cb459d412a81b337820648244f58e0bcebbf020d7

    • SHA512

      4797a8aa6721dba677c0de836be494e00cd466ac1275b7b53fc89a62018d810c9d725d84036134b6295d50f944bf4c0e3dfd5bda16a3c16463f5ffc982d6703d

    • SSDEEP

      786432:g4L41XEhkLC2zEdU+Etx1Q2KBMhwtN3r2vF04I:g481XED2zEdbEQJBJr2vF0B

    Score
    9/10
    evasionransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks