ekans | c769d18467a420260b285209c29bff106ccafc279f20dc602b9fc69d4e78c8ac | Triage

Submit
Reports

Overview

overview

Static

static

3

026eb02c34...b0.exe

windows7-x64

026eb02c34...b0.exe

windows10-2004-x64

Sharing

General

Target

026eb02c34da452f7e5d4289c0be85b0
Size

3.6MB
Sample

231224-r97hhaadbr
MD5

026eb02c34da452f7e5d4289c0be85b0
SHA1

cc71d0e6310534b1e4e51d894c811388b72b5812
SHA256

c769d18467a420260b285209c29bff106ccafc279f20dc602b9fc69d4e78c8ac
SHA512

0811f0593a8aed64a6e526f0addc18b9e575df4789d04f08c36a4fa6ad62e14d6a7ce1219972dafaed4a1f44fbddd063b4cb58144b748940a45ae682c208831c
SSDEEP

49152:6w6A5EYjP4F93TagGwmiS4rq+Ei88e76CjzOQmAqaAams:6w6A5EYjP1gPlBK8L3nLaA

Score

10^/10

ekans zebrocy backdoor ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

026eb02c34da452f7e5d4289c0be85b0.exe

Resource

win7-20231215-en

ekans zebrocy backdoor ransomware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

026eb02c34da452f7e5d4289c0be85b0.exe

Resource

win10v2004-20231215-en

ekans zebrocy backdoor ransomware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  026eb02c34da452f7e5d4289c0be85b0
- Size
  
  3.6MB
- MD5
  
  026eb02c34da452f7e5d4289c0be85b0
- SHA1
  
  cc71d0e6310534b1e4e51d894c811388b72b5812
- SHA256
  
  c769d18467a420260b285209c29bff106ccafc279f20dc602b9fc69d4e78c8ac
- SHA512
  
  0811f0593a8aed64a6e526f0addc18b9e575df4789d04f08c36a4fa6ad62e14d6a7ce1219972dafaed4a1f44fbddd063b4cb58144b748940a45ae682c208831c
- SSDEEP
  
  49152:6w6A5EYjP4F93TagGwmiS4rq+Ei88e76CjzOQmAqaAams:6w6A5EYjP1gPlBK8L3nLaA
Score

10^/10

ekans zebrocy backdoor ransomware trojan
- Ekans
  Variant of Snake Ransomware. Targets ICS infrastructure, known to have been used against Honda in June 2020.
  ransomware ekans
- Ekans Ransomware
  Executable looks like Ekans ICS ransomware sample.
- Zebrocy
  Zebrocy is a backdoor created by Sofacy threat group and has multiple variants developed in different languages.
  trojan backdoor zebrocy
- Zebrocy Go Variant
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ekanszebrocybackdoorransomwaretrojan

behavioral2

ekanszebrocybackdoorransomwaretrojan

© 2018-2024

Terms | Privacy