Overview

overview

10

Static

static

3

B̷u̷c̷k...̷.rar

windows10-2004-x64

Buckshot Roulette.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    B̷u̷c̷k̷s̷h̷o̷t̷ R̷o̷u̷l̷e̷t̷t̷e̷.rar

  • Size

    146.3MB

  • Sample

    240212-v58rjscc52

  • MD5

    496bd1858c3e2a3a44a5f16da029e9d7

  • SHA1

    8df2a8c4020dde5ab5448826080547bbd3e2c58f

  • SHA256

    bb231edffd746ffcab7c11330e73036d096a6f80ad032da2f641e67acc7de662

  • SHA512

    0016f462508a21a7e888c498d7494f0e8d3359fe060c12e3e6641c1808a881e1be75ba81975e9809893b486ae52fbdae1a8dd9c9efb7ee5b60e88f4dcd7c1d6e

  • SSDEEP

    3145728:gjzCUwaZtEXxA+EoeOS9MrNMeeAy7mLJExRDXHUxod7hqqp9Z6:ICUzEMoen9YpeAqLfX0xoxd94

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      B̷u̷c̷k̷s̷h̷o̷t̷ R̷o̷u̷l̷e̷t̷t̷e̷.rar

    • Size

      146.3MB

    • MD5

      496bd1858c3e2a3a44a5f16da029e9d7

    • SHA1

      8df2a8c4020dde5ab5448826080547bbd3e2c58f

    • SHA256

      bb231edffd746ffcab7c11330e73036d096a6f80ad032da2f641e67acc7de662

    • SHA512

      0016f462508a21a7e888c498d7494f0e8d3359fe060c12e3e6641c1808a881e1be75ba81975e9809893b486ae52fbdae1a8dd9c9efb7ee5b60e88f4dcd7c1d6e

    • SSDEEP

      3145728:gjzCUwaZtEXxA+EoeOS9MrNMeeAy7mLJExRDXHUxod7hqqp9Z6:ICUzEMoen9YpeAqLfX0xoxd94

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

    • Target

      Buckshot Roulette.exe

    • Size

      369.9MB

    • MD5

      505446c935ff4af29bb62a2ad16dcf7d

    • SHA1

      4602b18ccfa541eca9e19098e96aef6454f6e1ef

    • SHA256

      95edf1435e855231295bb1d2e2dbc501f931618e35e7a9b9bb053718a7eb9e0f

    • SHA512

      a5129aa532f2eada23a57c803cfc8a1d21da34e866e3605d25491ba3a5b71fc91982cae51f929f7256882d63ff942b432b9de0fd4c062a13687ef6e9baf4f4fe

    • SSDEEP

      6291456:TPjxORZO1A+NAM2Sy3Qg9pKfGpEaa7uPgNZjl:7joRk1AiAMTy3Qg9pKfGpEaa7ueh

    Score
    1/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks