General
Target: ratnik.txt
Size: 21B
Sample: 240207-lfqd8sgdhn
MD5: 6ec911c79fcffa22e46079292a793f13
SHA1: d4842709ea2737b81f7b2a624232b865f0cbd709
SHA256: fe72988e58e7c97db9d8709ad546b2db7cf2a46e52d56ecb60a916c38521eac2
SHA512: 7a53fa1f36de8bfb047600a636b3be1055c6ec68eb28d0e929a6f1d27632296442dced59c7f2a8664b1ac49f975bde062c349cca24a0afeb23cc2d662efef412
Static task: static1
Behavioral task: behavioral1
Sample: ratnik.txt
Resource: win10-20231215-en
Malware Config
Targets: ratnik.txt (the same sample and hashes listed under General)
InfinityLock Ransomware: Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
Modifies visibility of file extensions in Explorer
Renames multiple (59) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (6)