Overview

overview

10

Static

static

7

CSHacksFre...ks.exe

windows7-x64

1

CSHacksFre...ks.exe

windows10-2004-x64

1

Covid18.exe

windows7-x64

10

Covid18.exe

windows10-2004-x64

10

Covid20.exe

windows7-x64

7

Covid20.exe

windows10-2004-x64

7

Covid21 2.0.exe

windows7-x64

8

Covid21 2.0.exe

windows10-2004-x64

8

Covid666.exe

windows7-x64

Covid666.exe

windows10-2004-x64

CrazyPos.exe

windows7-x64

1

CrazyPos.exe

windows10-2004-x64

1

CrazyText.exe

windows7-x64

1

CrazyText.exe

windows10-2004-x64

1

Cronic.exe

windows7-x64

1

Cronic.exe

windows10-2004-x64

1

country.exe

windows7-x64

1

country.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    country.exe.zip

  • Size

    8.0MB

  • Sample

    240306-w8la4agb7y

  • MD5

    a1d258743281d65a5d9909cbae1168dd

  • SHA1

    1c3eb3e1c55d89c35ce06183cc21f5e975b513ef

  • SHA256

    70971148ed1fadb17a1de707b03b0b61bcf9d523c540b9bf4e411b5bb0dda5f0

  • SHA512

    d33c9385bd8dd16e585e1f2894ef5f80edf97db91340cd03192528d3343576fe332a92e03a62704c3bc4ca6b12094477fca9e7ac49848a6705413e4a2f7f4049

  • SSDEEP

    196608:64MKaR1LoyJsDt2ewpjFno/y09+Vex2fVeBfdjIGGoiCuwqL/re:64MjK4sDt1OpFAj38IiCKi

Score
10/10
aspackv2bootkitevasionpersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      CSHacksFreeNoHacks.exe

    • Size

      105KB

    • MD5

      06ea97fe57005515dcac13901efb3d9d

    • SHA1

      48e42f95e5d7fc1a572f7d50e7e07af462b03f4c

    • SHA256

      5bb7129469665dc7125d27cbd97cc65c17c3cbed91beffc63214b65a970332f6

    • SHA512

      07b15e991c3f0d382052a2faedf6f634dfcdaf18051113fe1300118ac67223c16b218195734894f5477dc36ef3799acda7af8fc23ab990955468505bd74f82da

    • SSDEEP

      1536:BY9V5I5iTSrWc3YiyCmOJu3yUyJCbX40K78JZ:BYzgWcpyCnWbJZ

    Score
    1/10
    behavioral1behavioral2

    • Target

      Covid18.exe

    • Size

      1.1MB

    • MD5

      3350a84a3ab955c4138829a12c611aac

    • SHA1

      5f74b27351f0f771ea65f6e51e5d974406f22e7a

    • SHA256

      fa185e316b5797e7135f56d15caa81c64449fe05f4580f14d7d4651271d1577e

    • SHA512

      e13da1b9f13a0b083007e9423c2408011b618d9cf3b6c78141caf121074ac90341e1b1c18288a5de14dfee4b8829e5dab504da8a0a4a2eff1b35460b3ccd99a3

    • SSDEEP

      24576:bttVypSRczM0Z3h0iRdJKGthQ1/wmtFdmx7CAvU9zrRG:btTLI93Rd7A1w8Fdi75V

    Score
    10/10
    evasionransomwaretrojanupx

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Sets desktop wallpaper using registry

      ransomware
    behavioral3behavioral4

    • Target

      Covid20.exe

    • Size

      4.8MB

    • MD5

      fde53eb92140afb22152cfa283ef26cc

    • SHA1

      b975f240e69307f809e54fabf6ea547183edf130

    • SHA256

      56c6b80e9f525e9010b47112f8085751e8e3fb744e111df3330b481df6a7e954

    • SHA512

      df5eaa0e429e618d7c94eab0dd6021d774abe50ad2d200d3608d1d1c50b70e65eccff564baa2fd2b86a5dad999ff7edb04152ac5cbff209fae7d93c329dff771

    • SSDEEP

      98304:i1EB4Av3kOW561R4+8QxEmKDxUmEhc0R2lIP9W0uJPg4dWzN/ODIw9AtVje7gQ:EEi4z1R4+LKDPEK0RBFduJ44dWpiHAtM

    Score
    7/10
    aspackv2ransomwareupx

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Sets desktop wallpaper using registry

      ransomware
    behavioral5behavioral6

    • Target

      Covid21 2.0.exe

    • Size

      1.2MB

    • MD5

      a7c7f5e792809db8653a75c958f82bc4

    • SHA1

      7ebe75db24af98efdcfebd970e7eea4b029f9f81

    • SHA256

      02fea9970500d498e602b22cea68ade9869aca40a5cdc79cf1798644ba2057ca

    • SHA512

      feb42cc7b4f344c043bda8bebeefa8cbb68406d1e937dcdc5a403981f79587fa438c682c4744a47a77482fc049b0334806d468aeb67edd4a92d90b5acd0c16ae

    • SSDEEP

      24576:kweQ5x+HPXJ9N2qifMpZcu/6z6toe20xYuLFzY77+89J9o2:kwVeHhH2qoMIum62uhY7Kco2

    Score
    8/10
    aspackv2evasionpersistenceransomwareupxbootkit

    • Disables Task Manager via registry modification

      evasion

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral7behavioral8

    • Target

      Covid666.exe

    • Size

      687KB

    • MD5

      0c303ae1347c0395a96f3eb38d26d7ed

    • SHA1

      c8cf473a22fc86ddad00ec286e94422f4b7d5c59

    • SHA256

      1eefaeb98524277d1aeb459b6e4a31472ce2f4ff15f8f45b051e1c8a021c8fa7

    • SHA512

      57e9ca4e5339164a6c3e5f53b8f30410d86139355390e17a2926d5b2263a511f0d47b26f70e95a5cf8daf4c365fec7f057614636e6f092d8320fcdda8debea93

    • SSDEEP

      12288:U7M23cFQpIn5tghlAjyCey1vLd31utolsqHzc30qOocuXi7oS:Ug2sq2nohlAtrvLjutQtI3bOoli

    Score
    8/10
    bootkitevasionpersistenceransomwareupx

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral10behavioral9

    • Target

      CrazyPos.exe

    • Size

      573KB

    • MD5

      a7dd7903fed8e5e525bc3643507ba675

    • SHA1

      941a426c9b9ba088622124cff65bfba06aa3493a

    • SHA256

      9d1f226268d53ca1e3789bc94b427afcec55ae3c97c2194e7dca2cdac9e43d5d

    • SHA512

      58e3b9cef7716ae866f774530b731798801cba6c133f21ee1a3145dc4256a5700dccb381c84625f1a1defcf701df8aa5d2b5b18682f812e4dad4ec6bce551546

    • SSDEEP

      6144:3ksgqf09zJSRWKJpTtirRFWX5+TBIKTbjq:3BXc9NtKPCfIKT

    Score
    1/10
    behavioral11behavioral12

    • Target

      CrazyText.exe

    • Size

      576KB

    • MD5

      fbe1e739e7bad91059fa7f2d2847346d

    • SHA1

      648b0e40677df5c21dabb954a83f55a19d726b0c

    • SHA256

      6c653da84ec83702be65aa87884ff546e8d2b37846051e9dceec6a283306a823

    • SHA512

      3fbb7be6f365adb0e5e94d07418b5b4aad6d5b94a2c4b9cdc7ee78ed35b357f6a850672315f90f1a17e27210bc2365b4f69a7b4ae6a1143e205b507efc2e1896

    • SSDEEP

      6144:jnQbGwWj//EHZMdVOs2JLyK6z1wespJIK:7QyTj/kZwV4PeE

    Score
    1/10
    behavioral13behavioral14

    • Target

      Cronic.exe

    • Size

      14KB

    • MD5

      726d50c3e3dd789d43664aa5c3c3f9de

    • SHA1

      f69e053040b09e422a712c4bf31ce20875186e31

    • SHA256

      8a865d95f2c90c97fe3d762608ebc8040033cac5882e5534675b6b1f056e9c19

    • SHA512

      872b347a0dd0cdb46959b9b41ad20dfc7dcfaf3cee8a27aa90b33700a44147edf631e03c3bd7ca8867dbcb2b02efc6c05ee0e8dd31062770c39d2ad13a1db56a

    • SSDEEP

      96:UxDJBVLZaxd5wLqLodjPdIGeQTH7EZ1U1B2Rti5KaJR/sjMcl13sPNjevqa7pYkC:UZJYVwm6TAE4ixQMpefpvaE55tfVD

    Score
    1/10
    behavioral15behavioral16

    • Target

      country.exe

    • Size

      12KB

    • MD5

      b5b39f57b7f032a603784c58804b8912

    • SHA1

      67e04f49722b5917cbf19446bc9587f7394d8de8

    • SHA256

      08d440df7d1bc9ea44020eeba0b64c661ca3de7580d196df6aaad96e733feedb

    • SHA512

      f8e5c26d429a612a588664010d5e4d7e1296b00e81361af1da8aebfc669817bac5cd497b48c291ec225a71f901034d8f9889fa05c94d1386fea285aa98873401

    • SSDEEP

      192:77UX9y5ELsa0vzjsQiHzk9u1WJ70jO8MplcYQHRCsGpDsX+1J5pz6ZbZDJuVw:XPf3sQlugJ70jdnYQwG+1

    Score
    1/10
    behavioral17behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

4
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Tasks