Overview

overview

10

Static

static

3

0957219244...70.exe

windows7-x64

10

0957219244...70.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    095721924420baff3670898412fc911ff32540544e8fad5495d334cded931270.zip

  • Size

    6.3MB

  • Sample

    231230-tzjpsscga3

  • MD5

    42fbebc5a1cc70d8f44f0bcd44c0e339

  • SHA1

    fab8d838022d11d136b9b64d16394c276a90a86a

  • SHA256

    0ade46c70e72d18fa408e8b0a79791363f5fb52f34a0924829f936bf1d3e9085

  • SHA512

    455fa7aee90dc05fc52755733364a553af1485f10eb1ac095d0e0a32eb6896a4415424d99b4f9a9c4b83b7991438d7ce3c4c1ff73a62f2aecc8f1477a13ca713

  • SSDEEP

    196608:sG6AF4pSCGpbc/bBMSBjI9NZop3DHnvLPLfjw3bQfhWu:b6AFmSC9/b6SBc3ZSDHv83bQp3

Score
10/10
matrixdiscoveryevasionpersistenceransomwarespywarestealerupx

Malware Config

Targets

    • Target

      095721924420baff3670898412fc911ff32540544e8fad5495d334cded931270.exe

    • Size

      6.5MB

    • MD5

      1a699d18fc42426c1fdfe7ad01a42d20

    • SHA1

      f8b0d7c0019f48ffb8f6d0f0634104751cc5842f

    • SHA256

      095721924420baff3670898412fc911ff32540544e8fad5495d334cded931270

    • SHA512

      b6c0abad59318341f2ce0c9057df1d3dfe6421da36519b15927bbe769807ca007761bc47a64e69513ddb9d9cd02f8f2df6bce755a5c26adfadacd62da08ba253

    • SSDEEP

      196608:ugY5Wpp0209r4M3jtxMTdLZ4jSonnP6TH3DwGP:Y5Wp0202A/ConuP

    Score
    10/10
    matrixdiscoveryevasionpersistenceransomwarespywarestealerupx

    • Matrix Ransomware

      Targeted ransomware with information collection and encryption functionality.

      ransomwarematrix

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

File and Directory Permissions Modification

1
T1222

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Inhibit System Recovery

3
T1490

Tasks