General

  • Target

    2024-02-27_3924ad7a286f4b8a5639dd515043264d_mimic-ransomware_revil

  • Size

    2.0MB

  • MD5

    3924ad7a286f4b8a5639dd515043264d

  • SHA1

    b8b5e1573e751719fb9f46f7be9f2534af65f5b0

  • SHA256

    7929eddeaeefb0880cffd80bc3b1c3e961c47245b91c771c45ac87e16d410038

  • SHA512

    dfb15b9c112bfc67a357df506e0aa184dd9ca108c131f9ce821add74dc334dc3d4928b37527ea1b26b3bc62848cd4fb2b4365de737c93ed915e92accbfc4a324

  • SSDEEP

    49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOaVUx4PW:ohBJrWF04RIu4Zfa0USPW

Score
10/10

Malware Config

Signatures

  • Detects Mimic ransomware 1 IoCs
  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Mimic family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-02-27_3924ad7a286f4b8a5639dd515043264d_mimic-ransomware_revil.exe
    windows:6 windows x86 arch:x86

    ec5356d8e0f77a28432ffd3fb34115c9
    Headers

    Imports

    Sections