General

  • Target

    18baedf43f4a68455e8d36b657aff03c.bin

  • Size

    105KB

  • Sample

    240110-bhfmpscbd7

  • MD5

    b47b842d5840de6235d5e5b29ceb5c71

  • SHA1

    ebbe901a4bbcc91a2a25ff4557e9ed9ccf62ee03

  • SHA256

    80a8fca48762863e3b433253adad16545130d1eadcb3d972f952ed62a82f6f11

  • SHA512

    e8111495fc02dcf23e0c1989731419ef91099f791cf5d622fb87933257fbb6bf0feb36239bc5e4aaa6eb30852f16ea104cbd349648ce78f8d58a74fb4bc62e41

  • SSDEEP

    3072:GgVBYpFz7SuX0jdfBdtoX+fED9vdTVhcu:GgD0Suk5TeXsEvdVhcu

Score
9/10

Malware Config

Targets

    • Target

      9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc.exe

    • Size

      216KB

    • MD5

      18baedf43f4a68455e8d36b657aff03c

    • SHA1

      5770b7c3931f6ed12650ad27b7fb2bf0752b80dc

    • SHA256

      9243bdcbe30fbd430a841a623e9e1bcc894e4fdc136d46e702a94dad4b10dfdc

    • SHA512

      3c3161e2b209b7589be33be288076af6b0e81c000ab66f7eb184ce54114b7e4687cc33e95bc9daf8b61394d8f847f85858bf0c978dbf829c0cd1fd9620231d4e

    • SSDEEP

      3072:h17DaAz38w3vQ7F6PFwgBZTGFKQ+avVe+gGooSlFC2OLKKZAFEMpo4Iv1k:Fb8JF6Pf2KQ+aVB2fJqh4Id

    Score
    9/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (280) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies boot configuration data using bcdedit

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Indicator Removal (T1070): 2

  • File Deletion (T1070.004): 2

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

  • Peripheral Device Discovery (T1120): 1

Impact

  • Inhibit System Recovery (T1490): 2

  • Defacement (T1491): 1

Tasks