General

  • Target

    VirusShare_3f7c8d182151b687bb8ffb44c7b97bf6

  • Size

    13KB

  • Sample

    240207-gm1fkadgb4

  • MD5

    3f7c8d182151b687bb8ffb44c7b97bf6

  • SHA1

    865a68f66284a0c1e8069053ba636ce67b93be11

  • SHA256

    621fa67c7f88ab196a6410a13617d1e11a356588d0908c4ea51278342effe682

  • SHA512

    4e3a06c3147f4ccf6f0c1e920a23d17d80f31d567164fda8dea35fd71d14fa00481e01794365485e0f180f1aacb440a6f76b9e553a47ee3517497c2474533b00

  • SSDEEP

    384:qebFNw4Pk1itKkpAjjI2YpdmW7exy+rX:q0FmBkpKjPYpPXsX

Malware Config

Targets

    • Renames multiple (2137) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

  • Collection

    Data from Local System (T1005): 1

Tasks