Overview

overview

9

Static

static

3

Poraton_Su...om.exe

windows7-x64

9

Poraton_Su...om.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    [email protected]

  • Size

    121KB

  • Sample

    240317-kmjplaba51

  • MD5

    9eda69bc6d42ff0a9a56d74fb06a6c01

  • SHA1

    6a384ff0d66089bfb89dbcad8f0a90482160c6a1

  • SHA256

    34b9f323d2c6d4fc334952c365b678662dbd00cdd03babbcbe258a0ec053ffa3

  • SHA512

    d192d9adcac22f429478b82e9acec92a1d1a9c2cfb65cb6e525443b5be1866baadac345f7aebe36f75563ffa05e096b09a94c9b30665336f9c82576e4efeba16

  • SSDEEP

    768:M3SOA2NuHRZR4EnzsbQU4nNaFAVVnSIWkJ5gwE:T/R40zSEnNNVVtWkJKwE

Score
9/10
persistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      [email protected]

    • Size

      121KB

    • MD5

      9eda69bc6d42ff0a9a56d74fb06a6c01

    • SHA1

      6a384ff0d66089bfb89dbcad8f0a90482160c6a1

    • SHA256

      34b9f323d2c6d4fc334952c365b678662dbd00cdd03babbcbe258a0ec053ffa3

    • SHA512

      d192d9adcac22f429478b82e9acec92a1d1a9c2cfb65cb6e525443b5be1866baadac345f7aebe36f75563ffa05e096b09a94c9b30665336f9c82576e4efeba16

    • SSDEEP

      768:M3SOA2NuHRZR4EnzsbQU4nNaFAVVnSIWkJ5gwE:T/R40zSEnNNVVtWkJKwE

    Score
    9/10
    persistenceransomwarespywarestealer

    • Renames multiple (8854) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks