Overview
General
Target: MalwareCollection-master.zip
Size: 57.3MB
Sample: 240224-nle7kaac64
MD5: b59aed5137772e644e29ad334dba17e0
SHA1: a2e545bbe058bddee0f7af68e21c3471d4abc3ab
SHA256: c6a916c33096cd488ca57c28863c433cf5279128aa50ea156761bab6444f4937
SHA512: daaa8ff6ddb53cb2c3c0218f73be43807982b13f0b5893a322bdd719e0f208b7b98586d0516b04e2e0f36c7dea45dde3fa8423c421f7d82cb9dbb14e3cede525
SSDEEP: 1572864:9j/A/cygNPTitKk8Gq4+/34speZ0jqmhkv71Cg8a6Egs5:Z/ZygNPTitKkRqh/34sprj3q1C31Egs5
Static task
static1

Behavioral tasks (task: sample, resource)
behavioral1: Ransomware.7ev3n.exe, win7-20240215-en
behavioral2: Ransomware.7ev3n.exe, win10v2004-20240221-en
behavioral3: Ransomware.BadRabbit.exe, win7-20240221-en
behavioral4: Ransomware.BadRabbit.exe, win10v2004-20240221-en
behavioral5: Ransomware.CoronaVirus.exe, win7-20240221-en
behavioral6: Ransomware.CoronaVirus.exe, win10v2004-20240221-en
behavioral7: Ransomware.CryptoLocker.exe, win7-20240221-en
behavioral8: Ransomware.CryptoLocker.exe, win10v2004-20240221-en
behavioral9: MalwareCollection-master/Ransomware/Ransomware.NoMoreRansom.zip, win7-20240220-en
behavioral10: MalwareCollection-master/Ransomware/Ransomware.NoMoreRansom.zip, win10v2004-20240221-en
behavioral11: MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v1.zip, win7-20240221-en
behavioral12: MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v1.zip, win10v2004-20240221-en
behavioral13: MalwareCollection-master/Trojan/Trojan.000.zip, win7-20240221-en
behavioral14: MalwareCollection-master/Trojan/Trojan.000.zip, win10v2004-20240221-en
behavioral15: MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip, win7-20240221-en
behavioral16: MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip, win10v2004-20240221-en
behavioral17: MalwareCollection-master/Worm/Email-Worm/Email-Worm.Mylife.A.zip, win7-20240221-en
behavioral18: MalwareCollection-master/Worm/Email-Worm/Email-Worm.Mylife.A.zip, win10v2004-20240221-en
Malware Config
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Targets

Target: Ransomware.7ev3n.exe
Size: 315KB
MD5: 9f8bc96c96d43ecb69f883388d228754
SHA1: 61ed25a706afa2f6684bb4d64f69c5fb29d20953
SHA256: 7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5
SHA512: 550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6
SSDEEP: 6144:BswDdb2MemnBVlz0SoVbO4A6OA4Trl28TyT6llY1/I8cWJWlfTXv:BswRSslz0P1OdFXJlJ8buXv
Score: 10/10
- Modifies WinLogon for persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: Ransomware.BadRabbit.exe
Size: 431KB
MD5: fbbdc39af1139aebba4da004475e8839
SHA1: de5c8d858e6e41da715dca1c019df0bfb92d32c0
SHA256: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
SHA512: 74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
SSDEEP: 12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score: 10/10
- BadRabbit: ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- mimikatz is an open source tool to dump credentials on Windows
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
Target: Ransomware.CoronaVirus.exe
Size: 1.0MB
MD5: 055d1462f66a350d9886542d4d79bc2b
SHA1: f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256: dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA512: 2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1
SSDEEP: 24576:FRYz/ERA0eMuWfHvgPw/83JI8CorP9qY0:FE/yADMuYvgP93JIc2
Score: 10/10
- Dharma: Dharma is a ransomware that uses security software installation to hide malicious activities.
- Renames multiple (312) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
Target: Ransomware.CryptoLocker.exe
Size: 338KB
MD5: 04fb36199787f2e3e2135611a38321eb
SHA1: 65559245709fe98052eb284577f1fd61c01ad20d
SHA256: d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
SHA512: 533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
SSDEEP: 6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
Score: 10/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: MalwareCollection-master/Ransomware/Ransomware.NoMoreRansom.zip
Size: 916KB
MD5: 032f198b7b5d9553ba2e7bf34d9f33c0
SHA1: 23bb43f6991b59516b20ed7d07cc55879a9192f2
SHA256: a1a0c26a3976bd07fae54519d2ca62818987ddcb7ae8dd44cebc710c1928548b
SHA512: 92f9f0dfce9b48602d87d86d6e73f308573168a01e851982d1a0a0baa76568495b5815a3ed11928463db5f5aa8b6d0b685968588eb75ef9624ae5b9355922788
SSDEEP: 24576:whK+SCleARYrlhgOZiapPMOiwtCd8BvABnU0FJtjVcW7:whVSCRAhgMia+OFnFAVtpZ7
Score: 1/10
Target: MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v1.zip
Size: 191KB
MD5: 04d2762c440097c67cef47fcba96ce3c
SHA1: 6ecf78935809ea1699a9dd075b489ef27bd00c02
SHA256: 593a4b3fb31a25c433f4c04fe6a9bdacfc30771ac41e3f394b81b0a13f6e5df8
SHA512: c00118b7fb2ef8c386c49cb95fc0e0e9d39d90eb9b1cdd10145ce2bc5d99bb6361daf90b9b5e5de42464583c9ee864b29de5d87aaeb8f82f610342fc6fd13bfd
SSDEEP: 3072:kNmj7C7mm4HynVpIDTLjbMQ40rDi9Lpnrq3TrWmb/wnLCJuPCx:MmjO7hNnLIvnb2qiJpn23TrWmDwnLCJT
Score: 1/10
Target: MalwareCollection-master/Trojan/Trojan.000.zip
Size: 121KB
MD5: ea01841aaa16d6c7d6d6d8c4d94d1278
SHA1: fb6662262d0b18278ba111fdb65e1208793444a5
SHA256: 697e2609b2430c8f5a2421a8ff86926bb2bc1dfa9fc67aebf58152102ad02b13
SHA512: b11807f1f52264e4e0c5653f7350c3d50a5e4350b92e23f6c4e3bb26edebe79502f0710058c27ba892c0436868004cba29f6e93344fdc23b1db3b9852d69454a
SSDEEP: 3072:vbGHZNTKIVLS8c++PpUKhcLY7U/RWN1lz62h/lTwJcZK:vIZhKI88yPjhWIU81llTwJcY
Score: 1/10
Target: MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip
Size: 8KB
MD5: 6d1c6d848c80c62c8886f3f4a05d9e16
SHA1: cd815164b65537f8134b389ea8698591b5f92043
SHA256: d6eb28f01b2d59777c30d37b851c095ce73c7fca0523805b7c1e6ad687d41d89
SHA512: 39dcfd16526e4a9f395a151a277deccee62f46a4e0380adebaa3556e7e6b73ee6a197b32db1b70ec0c1dc6e766e82115e8bce088ce3ba48ca0e9d790b4b20eb2
SSDEEP: 192:XIpLlKueTbS91NnmDPYG9Yuq/XmONuwsBThAb4WULr1ZyZdyg:0LlKPSYTYWLqruphAdULTqdV
Score: 1/10
Target: MalwareCollection-master/Worm/Email-Worm/Email-Worm.Mylife.A.zip
Size: 21KB
MD5: 16ede8d6dc128db98c80d0291644ec28
SHA1: ee06a26bdf7084ab6fe987af6e6c9bfafd4fcc09
SHA256: ee963ace2c315a3a6323a22e1eaf7e6b80bfcaf8f1f0080d9f0b1cd25ce4eff6
SHA512: 32aeb31ba894b7a6bbb6299b590be98c08bb407d7585459bc62f3d453fa77ea3cb0aa8263bd75fde91c605718fa33a6eae3f4bb3f2b7d98ae64b44322a8c7cb2
SSDEEP: 384:h1GVZNKbSIBbRlWotth9IL13lAdZQzCuV85zKTtfzHLZKsMTfoihPL9OsU:KZNKeIBbRI/3lAdwp85zWHlKNzo8rU
Score: 1/10
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)

Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
- Scheduled Task/Job: 1

Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
- Scheduled Task/Job: 1