Overview
General
Target: New folder.rar
Size: 15.3MB
Sample: 240326-rse2xsfb8y
MD5: 6677e9a1e490857b5bdfb0744cd260fe
SHA1: 20a0692c3001f36c56f811d614dfbe6b2a0b5612
SHA256: 1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596
SHA512: 52c80873ff9d70a2ef1669ccfb1f2e1cfeb2a521102d0b38164c88f680924b84560245c3104b6c7e742bd952617db405720f6b08f541d6c4cdf1c33a25478ab6
SSDEEP: 393216:NUYQW+GfB8a8lENPHeGcC6yz9Jp0tu/5TKP0Arl:y9GfBntHeO9Jpn/Fe0AR

The archive unpacks to 32 files, all analysed on windows7-x64; 31 of them were run as behavioral tasks and the last one (f0c292…) has a static result only.
Behavioral tasks

behavioral1: 081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89.dll (win7-20240319-en)
behavioral2: 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe (win7-20240215-en)
behavioral3: 09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64.exe (win7-20231129-en)
behavioral4: 1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe (win7-20240221-en)
behavioral5: 20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.dll (win7-20240319-en)
behavioral6: 23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe (win7-20231129-en)
behavioral7: 35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe (win7-20240220-en)
behavioral8: 36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe (win7-20240221-en)
behavioral9: 56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe (win7-20240221-en)
behavioral10: 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe (win7-20240221-en)
behavioral11: 6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a.exe (win7-20240221-en)
behavioral12: 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe (win7-20240319-en)
behavioral13: 721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe (win7-20240221-en)
behavioral14: 75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe (win7-20240221-en)
behavioral15: 79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe (win7-20231129-en)
behavioral16: *.*/update.exe (win7-20240221-en)
behavioral17: *.*/˫ǩ.bat (win7-20240221-en)
behavioral18: 847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe (win7-20240221-en)
behavioral19: 97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe (win7-20240221-en)
behavioral20: 9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a.exe (win7-20240221-en)
behavioral21: 9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270.exe (win7-20240221-en)
behavioral22: ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2.exe (win7-20240221-en)
behavioral23: b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f.exe (win7-20240221-en)
behavioral24: bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655.dll (win7-20240221-en)
behavioral25: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.dll (win7-20240221-en)
behavioral26: c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe (win7-20240221-en)
behavioral27: cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe (win7-20231129-en)
behavioral28: d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe (win7-20240221-en)
behavioral29: db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b.dll (win7-20240221-en)
behavioral30: dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf.exe (win7-20240215-en)
behavioral31: e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4.exe (win7-20231129-en)
Malware Config

Extracted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Emails: admin@fentex.net, admin@fentex.world
Extracted: C:\Users\Admin\Documents\READ_THIS_TO_DECRYPT.html
Extracted: C:\Users\Admin\Desktop\_READ_THI$_FILE_33QNII2_.txt
  URLs:
  http://p27dokhpz2n7nvgr.onion/12EA-1E35-D050-0446-9493
  http://p27dokhpz2n7nvgr.1hpvzl.top/12EA-1E35-D050-0446-9493
  http://p27dokhpz2n7nvgr.1pglcs.top/12EA-1E35-D050-0446-9493
  http://p27dokhpz2n7nvgr.1cewld.top/12EA-1E35-D050-0446-9493
  http://p27dokhpz2n7nvgr.1js3tl.top/12EA-1E35-D050-0446-9493
  http://p27dokhpz2n7nvgr.1ajohk.top/12EA-1E35-D050-0446-9493
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Emails: admin@sectex.net, admin@sectex.world
Extracted: C:\Users\Public\Desktop\README_LOCKED.txt
  Emails: DharmaParrack@protonmail.com, wyattpettigrew8922555@mail.com
Extracted: C:\Users\Public\Desktop\README_LOCKED.txt
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Emails: 3442516480@qq.com, 1169309366@qq.com
Extracted: C:\Program Files\Java\jdk1.7.0_80\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
  Family: buran
  Emails: daten@cock.li, daten@airmail.cc
Extracted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Emails: admin@fentex.net, admin@fentex.world
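The notes above give the usual triage material: contact mailboxes, a .onion service, clearnet domains that mirror the same path, a path segment that looks like a per-victim token, and drop locations that double as autostart entries (an .hta in a Startup folder re-runs at every logon). The following Python is an added example, not part of this sandbox report or its tooling, that pulls those indicators out of note files. The note bodies are constructed to resemble the artefacts listed above, the NOTE_FAMILY mapping from note filename to family is an analyst-maintained assumption, and treating the path segment as a victim ID is likewise an assumption.

```python
"""Extract contact and victim-ID indicators from ransom notes.

Added example, not part of the sandbox report. Note bodies are constructed
to resemble the "Malware Config" artefacts above; NOTE_FAMILY is an
analyst-maintained mapping (assumption) from dropped-note filename to family.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlsplit

NOTE_FAMILY = {                      # assumption: analyst-maintained table
    "info.hta": "Dharma/CrySiS",
    "readme_locked.txt": "LockerGoga",
    "!!! all your files are encrypted !!!.txt": "Buran",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r'https?://[^\s<>"]+')
ONION_LABEL_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")   # v2 / v3 service names
VICTIM_ID_RE = re.compile(r"/([0-9A-F]{4}(?:-[0-9A-F]{4}){4})")    # assumption: per-victim token
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


@dataclass
class NoteIOCs:
    path: str
    family: str
    autostart: bool                   # note sits in a Startup folder, so it re-runs at logon
    emails: List[str] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)
    onion_services: List[str] = field(default_factory=list)
    mirror_domains: List[str] = field(default_factory=list)
    victim_ids: List[str] = field(default_factory=list)


def _dedupe(items) -> List[str]:
    seen, out = set(), []
    for x in items:
        if x not in seen:
            seen.add(x)
            out.append(x)
    return out


def parse_note(path: str, body: str) -> NoteIOCs:
    name = path.rsplit("\\", 1)[-1].lower()
    text = re.sub(r"<[^>]+>", " ", body)          # strip HTA/HTML tags before matching
    iocs = NoteIOCs(path=path, family=NOTE_FAMILY.get(name, "unknown"),
                    autostart=bool(STARTUP_RE.search(path)))
    iocs.emails = _dedupe(EMAIL_RE.findall(text))
    iocs.urls = _dedupe(u.rstrip(".,)") for u in URL_RE.findall(text))
    onions, mirrors, vids = [], [], []
    for url in iocs.urls:
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        if labels[-1] == "onion":
            onions.append(labels[-2])
        elif len(labels) >= 3 and ONION_LABEL_RE.match(labels[0]):
            onions.append(labels[0])                # <service>.<clearnet domain> style mirror
            mirrors.append(".".join(labels[1:]))
        m = VICTIM_ID_RE.search(parts.path)
        if m:
            vids.append(m.group(1))
    iocs.onion_services = _dedupe(onions)
    iocs.mirror_domains = _dedupe(mirrors)
    iocs.victim_ids = _dedupe(vids)
    return iocs


def triage(notes: Dict[str, str]) -> List[NoteIOCs]:
    return [parse_note(p, b) for p, b in notes.items()]


# Constructed note bodies (not the real files), keyed by the drop paths seen above.
CONSTRUCTED_NOTES = {
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta":
        "<html><body>All your files have been encrypted! "
        "Write to admin@fentex.net or admin@fentex.world</body></html>",
    r"C:\Users\Admin\Desktop\_READ_THI$_FILE_33QNII2_.txt":
        "Go to http://p27dokhpz2n7nvgr.onion/12EA-1E35-D050-0446-9493 or "
        "http://p27dokhpz2n7nvgr.1hpvzl.top/12EA-1E35-D050-0446-9493.",
    r"C:\Users\Public\Desktop\README_LOCKED.txt":
        "Contact DharmaParrack@protonmail.com or wyattpettigrew8922555@mail.com",
}

if __name__ == "__main__":
    for n in triage(CONSTRUCTED_NOTES):
        print(n)
```

The mirror-domain split is what makes the URL list above useful for blocking: the same 16-character service label appears in front of five different .top domains, so the label identifies the panel and each clearnet suffix is a separate indicator.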
Targets

Target: 081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89.exe
Size: 24KB
MD5: bdd728030128165279b3cadf246d495a
SHA1: 032479b1a1d4bb21fdd07736a8d4d9c5fa4a70c4
SHA256: 081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89
SHA512: 8ead3841b4c7d5f56f6456ead428c5e43c748cc05252a7c119b3110143ab1c29c97e5e1779e53f26142cba48c17b04de259bb639d1a23b9ed315b7cbf7be9330
SSDEEP: 192:+W0UBkFvRFGHPQWT3e9+qQ/1/zJvZvdW9+2Cp92xR42eMX8:+WiFvROPQWa9+qQ/1qMyeMX
Score: 1/10

Target: 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe
Size: 799KB
MD5: f6a8d7a4291c55020101d046371a8bda
SHA1: 09b08e04ee85b26ba5297cf3156653909671da90
SHA256: 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76
SHA512: 547ad8ac404e494cce474209ebfbe33a40b69feb59f564215622f479e98dd93699794f4950b05d21225af271c55987da24c68d7c4c172f1d99ba7050b7063888
SSDEEP: 24576:Fpfzmg0hsVxPJHnhxqj/jELyOpQR2dnCy:FpfCHKrPFnh4jEWOpQEdnCy
Score: 10/10
Signatures:
- Drops startup file

Target: 09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64.exe
Size: 108KB
MD5: 61d03ddc11ca4fc3e752abcb03bc53ed
SHA1: a872988919744d81154025b1d17cab2bc70b8e99
SHA256: 09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64
SHA512: 1d0ed13686785e03d8ab33d879e6d949179bea7d7051525ffc55bf28896d0f6456e17295a9941e07d07ffbc13f138df99fa0871dd6e070da292dd221f7ca216b
SSDEEP: 1536:OTu/iJ0cjtqTgpdJEHlwKg2cxhDfiJ8xmeoBJIKs3Z3P4lGLD:4u0jtwaPBKg2ihjiJ8MeoBJIFZ3UyD
Score: 1/10

Target: 1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
Size: 2.2MB
MD5: f5f2f6c370db4b38bdf8032ea3ef2a64
SHA1: b5e188540539bc2b1d128f408160fa91e724c84b
SHA256: 1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4
SHA512: f2216faac5d07fb2d6f3faf6cf1e18e94c0ada8aba35a8d2d8491efd1ada526d5358a592b6877a9783cc9b5e81dd54fec8b9969ffd650c0f8aff2e3243dbe18c
SSDEEP: 49152:UtAZanCoV4BdnctNbS/iXmYjlV8O7pzTs8OYFFxZbVybdXERd:9x6Mdn0p7pzTsQR
Signatures:
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory

Target: 20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.exe
Size: 28KB
MD5: 07ce060934a9106a3e135c33ebd64e9e
SHA1: e9d0fdb9d91ec314778f45065642066cbd4c575b
SHA256: 20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb
SHA512: c3c17c911464deb7be6daf3339738fb53e89a93f0b58eb5971d6ffbbd7aced4d88ff61ab2ac973f8c1f6dafdf9e4dc505d17607b0b8b9be822b98b0b8a320f8a
SSDEEP: 192:EmUk5kULV+jC9LDADPF9+qQ/1nwzJvZvdW9+2Cp92xR43beMs7ui4jrh:EmFDR+jCpAJ9+qQ/1nZMHeMsCj
Score: 6/10
Signatures:
- Adds Run key to start application

Target: 23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe
Size: 235KB
MD5: fc7b0066d7d250b619a3c6c3ee1b22f9
SHA1: f307dc2d7d41e5d2678144de98445fa3c14e7583
SHA256: 23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b
SHA512: 4178ac9a1e5e9f5817412de1ab210c1c95ebe1a47875f14844ff5e234191c2facaf8f7ae184c9fc33c334cdfa8615ccbdc8aaaac1d3aa6697d4ea49ef01aa1bd
SSDEEP: 3072:BS4er0KRFMyC4FtM/LMZaIfhhM35E8/OZZe6WXVDhjt6SeFUkgYF6UTcysS:BShA40/haM3hGEphsxUYF6Ecyx
Score: 10/10
Signatures:
- Dharma: Dharma (also tracked as CrySiS) is a ransomware family; one known distribution campaign bundled it with a legitimate security-software installer to mask its activity.
- Renames multiple (314) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: 35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe
Size: 542KB
MD5: ce29783e7465bd57067f67afba0f996f
SHA1: c6d5bc37d17d43a1cdb17d39e46b8f3d61d46578
SHA256: 35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f
SHA512: b92a1bdb77f05c5a6cf0b883bb2b4205c6d3a97dce1e6f82a102d6e6fcba1a025d3953ed7f3ef9268f6383a7cd2f6af2de37fec736eb4d77aff40b12a901c0be
SSDEEP: 12288:5Pi8GS/emxzM+fElwVCqCJbDj9//k/rTcPcYYYgYYYYYYYgYYYYYYgYYYYYYYgYh:5PBNz3fyDj9//k//IcqHDC
Score: 1/10

Target: 36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe
Size: 108KB
MD5: 82bccb8988fd54529192665fa974f056
SHA1: 2b83f745d8424b7ad6e8012da3260dbf0663ce3c
SHA256: 36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807
SHA512: 95d9996d65f4bd0ac2ad7d6c2ab3089e1101c9d0a22b304e2380512428b21767bd6c53bbaa3b3c3afc778c98be1d32ceac5331d2c85db64e7f80a78777a4f8a9
SSDEEP: 1536:8tu/uJ0cjtqTgpdJEHlwKg2cxhDfiJ8Xm3oBJIKs3Z3P4lGLc:0uAjtwaPBKg2ihjiJ8W3oBJIFZ3Uyc
Score: 1/10

Target: 56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe
Size: 526KB
MD5: 00d374f3142e46c53e621504e020dd86
SHA1: 49c55f442702c3d96bf507f369676a54315851d0
SHA256: 56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4
SHA512: 169149b510a6c502f90b18d518f10c7f0f1c7e426d62b2e90b8adfa87d76a0d1d8b819305fdb75231ac80d5fcac1dcf7982ed9e493f22dcf12ae203a0960edb9
SSDEEP: 12288:oOfgiGHObrYmluIhccUnj9//k/rTcPcYYYgYYYYYYYgYYYYYYgYYYYYYYgYYYYYV:oOwGrv4j9//k//IcV4h
Score: 1/10

Target: 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
Size: 1.3MB
MD5: d30cc3d50062b47585d8e9216f5974c4
SHA1: 86ab16232bdff82807eb09e9dae5ae7dec26685f
SHA256: 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8
SHA512: 8fa7e529f58deb6c2b89c3bf3ceb04ca036e00ac694767b64625258fe39d3911d42ae9d5baf0d0089e06c936458fcacd0e6e56b8a7cba4a91084d66a5717bce6
SSDEEP: 24576:bk70TrcblhbE+twWvKItnEi9RlyjACUxar1BjjxhXQdT6lRDmkTyi:bkQTAMGwAFv9yjJZrYURDdH
Score: 9/10
Signatures:
- Renames multiple (18637) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory

Target: 6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a.exe
Size: 697KB
MD5: 91bb19ac797d238209b681a872b90dfb
SHA1: c817513d79e95e78969fd7db001197058a43dbb8
SHA256: 6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a
SHA512: 71eab624027b40a141800b9e4d242d52bb1613e2e7fef083bf742034639434c369dffe648b9d0728c09d91aec121cc8acf861fecd248f6529a396766cbd905de
SSDEEP: 12288:K1C9axRKZndwSrZvQH0dy05EQB4RpwxKxOl5/xVvuY6lMwWFQw1ybgRRBo/tPamR:QC9YRgdwSBk0dy05jBmuS4DmYBSoP94a
Score: 7/10

Target: 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe
Size: 27KB
MD5: 4b95790314f5e5e7ab6027f3afed48ae
SHA1: 1bbbc30e0fdc7190d8948716ca8d373788c90ce4
SHA256: 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296
SHA512: 380a9bfd525ad558964f444220cf5ac4a9d3add159abd5c0451ca2b1d8bf57d2acf6d0eb8a1ec4b1451b28db10574b2fb66bda0e2f8ed066d4d5aac0dd9c8a2c
SSDEEP: 768:ZtVdJkn3Iwk9qg47OxpySkH/U3ITmcemeZFFtbwN4ykQo:ZtBk3I7LhB3PcedFtMOykQo
Score: 1/10

Target: 721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe
Size: 556KB
MD5: 4a8228f5109bc509936eb5286d86322a
SHA1: 36f1b50c1df1249e816944d0288604336d2b7a1e
SHA256: 721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429
SHA512: 6013d5daaef69c99d61afb30aa273413eebe9b5b8fe0055d879ee236817d3cb4a9d3bdb82553c8cd3f6e725bd99a076389a94a8ec8d6b0da66fc17b0fb7a1164
SSDEEP: 6144:f5bnFDjbS20Bbdh1bBbp20Btedh16IqDAYQ+:fTDwicAYp
Score: 3/10

Target: 75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe
Size: 306KB
MD5: 1eac69691e05297182ea6642746d53f6
SHA1: 749f19b262849158df6d29f26043e1a845da102e
SHA256: 75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d
SHA512: 8ac6625fa10b3d2126a6498af2790a52bb626fef74b4abf05ce869f0e3b2d41fa78915b469529c67531937093e6385634985e792f4c04edac5f0b69a489d5c39
SSDEEP: 3072:J86Kas04uVswV5Him+xfleiJfz/4B7zspXGwtI57T+YG4tGSGbwySvB5KpzeLrqK:ChatLSeoQ7Rwu57C0bNyKgpGR
Score: 10/10
Signatures:
- Dharma: Dharma (also tracked as CrySiS) is a ransomware family; one known distribution campaign bundled it with a legitimate security-software installer to mask its activity.
- Renames multiple (319) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory

Target: 79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
Size: 3.1MB
MD5: 91e55c043a89444b7cdfb335d4e4a5ba
SHA1: d72203d462053c1636e20cf648669b040357d5db
SHA256: 79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161
SHA512: 3f3efbb9928a8ffa683d2c528bc442545fb330fbf981ff639a581effc91569743258cbad88e9a2c8b6e66448e56af023213fc408ab66a6b53565a4e030a37777
SSDEEP: 98304:DFkV34ua2ltBgzXU4Us1DgAtayHKlqo7/Whsg:Db0ltwzDtZHg7/Yx
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Target: *.*/update.exe
Size: 744KB
MD5: 288ad7c14b2e9cbfc8432d3d41d62164
SHA1: 2138ba33796ed343fb01c03f4abfdbed30bfe151
SHA256: 7e24716b753efa564cf6ace4abbe687a2ede68180140e4aaab8279b3328ababe
SHA512: 6f045adea1a9d4c1a0ec414a77c1611687a7ec4ed23ffc1fda426a396ca4244f5b212a1189dc6fb804268a5d29cec3226ccd6d3418e7e5a9923cb0733caac70c
SSDEEP: 12288:Yzki5f8eM8n7X0tYAY4+5684WFh5ecvSrW3yNdkeemwtuS9:OkE8eJnL02AYw84Wj5evNl0u
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
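Two of the tasks above write to the MBR. On a host where that signature fired, the check an analyst wants is whether sector 0 still carries the 0x55AA boot signature, whether the partition table still makes sense, and whether the 446 bytes of boot code match a baseline taken from a known-good image. The following Python is an added example, not code from the sandbox or from the samples; the sector bytes it parses are constructed in memory, and the read_mbr helper and the device paths in its comment are assumptions about where a live read would come from.

```python
"""Check a raw MBR sector: boot signature, partition table, boot-code baseline.

Added example, not from the sandbox report. The layout parsed is the classic
MBR: 446 bytes of boot code, four 16-byte partition entries at 0x1BE, 0x55AA
at 0x1FE. The sectors below are constructed in memory; read_mbr() and the
device paths in its comment are assumptions about where a live read comes from.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 0x1BE
SIGNATURE = b"\x55\xaa"
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY = "<B3xB3xII"


def read_mbr(device: str) -> bytes:
    # e.g. r"\\.\PhysicalDrive0" on Windows (needs administrator) or "/dev/sda" on Linux;
    # on a suspect host prefer reading from an offline image of the disk.
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_partitions(sector: bytes) -> List[Dict[str, int]]:
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                  # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def boot_code_hash(sector: bytes) -> str:
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_hash: str) -> Dict[str, object]:
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_hash(sector)
    if digest != baseline_hash:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    if sum(1 for p in parts if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


def build_sector(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one NTFS partition at LBA 2048."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = struct.pack(PART_ENTRY, 0x80, 0x07, 2048, 204800) + b"\x00" * 48
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Constructed "known-good" prologue (cli; xor ax,ax; mov ss,ax; mov sp,0x7C00) padded with
# NOPs, and a copy whose first bytes were overwritten, standing in for a bootkit write.
GOOD_SECTOR = build_sector(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32)
BASELINE = boot_code_hash(GOOD_SECTOR)
_tampered = bytearray(GOOD_SECTOR)
_tampered[0:5] = b"\xea\x00\x7c\x00\x00"          # arbitrary overwrite of the first instruction
TAMPERED_SECTOR = bytes(_tampered)

if __name__ == "__main__":
    print(check_mbr(GOOD_SECTOR, BASELINE)["findings"])
    print(check_mbr(TAMPERED_SECTOR, BASELINE)["findings"])
```

The baseline matters more than the signature check: a bootkit that replaces the boot code keeps 0x55AA intact (the sector would not boot otherwise), so only the hash comparison against a clean image of the same build catches it. Take the baseline from installation media or a golden image, not from the suspect host.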
Target: *.*/˫ǩ.bat
Size: 100B
MD5: b2c8d1f31c73f52c275393f231e3843e
SHA1: debbc8e818ab2acc8f12b08930315c894e7efde8
SHA256: 77badaf1d085e90578b76cd1fafb252e13d4074f643b7d43cbee38580d7dee24
SHA512: 0268085427d632fe4fec8e7702da5b7715a2ecc13f9ddda86f02f965c3745872e53325d12cb48ab7797bebce4b76203e3edc2631c6dacf3417a91a6c00841de6
Score: 1/10

Target: 847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe
Size: 108KB
MD5: eacdd9f959418d3f3e9be95de284d02a
SHA1: 354fe59d35aef1dd07c3c1ef771b93a413f91e6b
SHA256: 847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e
SHA512: 8e3770e6e0dd33e2ae54c9af0c5c01c5e0bd5d85e37ea5e4c9afadf297f9027e1b6b0b32d872ffa3b928478d7c0601b465fa5ea414dee10ddc51c8c83323d17a
SSDEEP: 3072:ouvZ0rga0R246JaNR0r3PhVuCx9JNI22N:ouRIcVX2hEXFN
Score: 1/10

Target: 97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe
Size: 36KB
MD5: 01856e8de8d99253aabe0c1ccf925b08
SHA1: 217d1d9c07dd817bb39a000943f27991cbe5aab9
SHA256: 97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b
SHA512: 03ff6abdb978d749467a24a63b21dd1e6e77cffcdd7bccf86516a66d7e053d13f76ab19179e9a331f85d32d9405f14ab8a19b756aff4c642a4ca0c7d4402d21d
SSDEEP: 768:0gi4r/1iRHq5pTV6xo/SIx+637kc/+ZKWb57zlARngZy:0vZQ/6xo/SIxL7T+Z5KgZy
Score: 1/10

Target: 9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a.exe
Size: 314KB
MD5: f93ecc98e4c4659023b81397578201e3
SHA1: 8c6ce5195b39239d219da8de3b4e757204f75f07
SHA256: 9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a
SHA512: 6835d190e85fa196e325d5b9e9833f88b22348b5e7dad7fe10aa2b065c66e61342cbf31fb8a4c1b5761a9f72b2f55d7eaeab9f8ee411ade6090327268a85a039
SSDEEP: 6144:N/ox45SkZNudlSP7VeJCaYAbjJF7UjWDvtlP8A2KoGFn6NHCcWITEYlxHt9Nqw:NgScC03SPxSlYMF7UjWDvzPh2eFnDcWg
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Contacts a large (1091) number of remote hosts: this may indicate a network scan to discover remotely running services.
- Modifies Windows Firewall
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext
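The "contacts a large number of remote hosts" signature above is a fan-out count, and the same logic is what a network sensor or EDR would run to catch a sample sweeping a subnet. The Python below is an added example, not part of the sandbox report, of that logic over constructed connection-log lines in a made-up "ISO-timestamp pid image dst_ip dst_port" format: it keeps a per-process sliding window and alerts once the number of distinct destinations inside the window crosses a threshold, recording the ports involved and whether every destination was an internal address. The 60-second window and the threshold of 50 hosts are assumed tuning values.

```python
"""Flag a process that fans out to many distinct hosts in a short window.

Added example, not from the sandbox report. Log lines are constructed in a
made-up "ISO-timestamp pid image dst_ip dst_port" format; WINDOW and
HOST_THRESHOLD are assumed tuning values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address
from typing import Dict, Iterable, List, Tuple

WINDOW = timedelta(seconds=60)
HOST_THRESHOLD = 50

Event = Tuple[datetime, int, str, str, int]


def parse_line(line: str) -> Event:
    ts, pid, image, dst, port = line.split()
    return datetime.fromisoformat(ts), int(pid), image, dst, int(port)


def detect_fanout(lines: Iterable[str], threshold: int = HOST_THRESHOLD,
                  window: timedelta = WINDOW) -> List[Dict]:
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)        # (pid, image) -> (ts, dst, port) tuples inside the window
    alerts, alerted = [], set()
    for ts, pid, image, dst, port in events:
        key = (pid, image)
        buf = recent[key]
        buf.append((ts, dst, port))
        while buf and ts - buf[0][0] > window:
            buf.popleft()              # drop connections that have aged out of the window
        hosts = {d for _, d, _ in buf}
        if len(hosts) >= threshold and key not in alerted:
            alerted.add(key)           # one alert per process; later events would only repeat it
            alerts.append({
                "pid": pid, "image": image,
                "distinct_hosts": len(hosts),
                "ports": sorted({p for _, _, p in buf}),
                "first": buf[0][0], "last": ts,
                "internal_only": all(ip_address(h).is_private for h in hosts),
            })
    return alerts


def constructed_log() -> List[str]:
    """Constructed sample: a browser talking to a few hosts, and one process sweeping 10.0.0.0/24."""
    base = datetime(2024, 3, 26, 12, 0, 0)
    lines = []
    for i in range(8):                 # benign: eight hosts over ten minutes
        t = base + timedelta(seconds=70 * i)
        lines.append(f"{t.isoformat()} 1200 chrome.exe 93.184.216.{i + 1} 443")
    for i in range(120):               # suspicious: 120 internal hosts on 445 within 30 seconds
        t = base + timedelta(milliseconds=250 * i)
        lines.append(f"{t.isoformat()} 4412 sample.exe 10.0.0.{i + 1} 445")
    return lines


if __name__ == "__main__":
    for alert in detect_fanout(constructed_log()):
        print(alert)
```

A single destination port across many hosts (445 here) is the shape of a host sweep; many ports against one host would be a port scan and needs the inverse count. The internal_only flag separates lateral-movement reconnaissance from, say, a download manager talking to many CDN nodes.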
Target: 9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270.exe
Size: 616KB
MD5: 41b91df596878223773cdc49bbee2324
SHA1: 48d0647e2e29256d8969dbb7d8edb03297d01ada
SHA256: 9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270
SHA512: ff555049812608cb33cd7dcacf1102a920f531281aa60d36e8463f9c48023c856bf0243c25671ac709d8a5dfac5ab1a421606dd3f576472b4ec145b647fae30c
SSDEEP: 12288:bnE+Yfz3OlZUW+7xsvceR0KtjYx1xS0v:bEBr3qZlCxarj8xS0v
Score: 6/10
Signatures:
- Adds Run key to start application

Target: ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2.exe
Size: 211KB
MD5: ef8ab6db9a96b461f429f9f15b573164
SHA1: ac600bb15b21910c0fb6618825358ed6c60c037f
SHA256: ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2
SHA512: 14a3b15ceef007915a558b48740f98a7a6335d42cfcc6498b2fb3ee40ff2e15496d4fdec0351f48cee36947e1ec981190721a877b8406a10456709d21be07a3e
SSDEEP: 3072:b0WFcoAWykGuyF9ImZNI9UkwvYxzqea5KC7s7TJ:bfLXyL5F9XZNIsvYv
Score: 10/10
Signatures:
- Dharma: Dharma (also tracked as CrySiS) is a ransomware family; one known distribution campaign bundled it with a legitimate security-software installer to mask its activity.
- Renames multiple (317) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory

Target: b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f.exe
Size: 24KB
MD5: b6d25a5629221041e857266b9188ea3b
SHA1: 6df3a7a3ed5c6a6349a791b72783b32c460c8417
SHA256: b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f
SHA512: bd40d5683d78d21a296677915c3417713134414059efd6865a23d8fe83465c813c696ca2d1b94e8e1ea03c7740c176e77f7b0c7c5b523eddedd43149cdc295a2
SSDEEP: 768:rAOGBmheJi070Y2DJ/Zpu6WYcFIl0XeF2lG+eJ6eygjaPbpUvdykQo:bo7KJOCOfGj6eaPbpUFykQo
Score: 1/10

Target: bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655.exe
Size: 28KB
MD5: 180ad8f1024b334c7966180afa953266
SHA1: 7680011d67a7a7299ade6878255b1f7883a50cd9
SHA256: bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655
SHA512: a661e2489775e08fc3a433e722fa014e85517ab87645ea9fa3d72c405b81d05a40dc3c02ed10579e8996e20bd4e22da936b02a846e2ea8c1d88621fbfcc7655e
SSDEEP: 192:7h89oTi6J4SaQPlRgspuml9+qQ/1/wzJvZvdW9+2Cp92xR4KyAzeMg/Qq7t/u/N:18EheSaQtRgWl9+qQ/1/ZMyeMm/O
Score: 6/10
Signatures:
- Adds Run key to start application

Target: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.exe
Size: 28KB
MD5: 7fc30b3540428adc624a060b9005d575
SHA1: 8a08667b8c0bceb82502e55848ca4e4f69326217
SHA256: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e
SHA512: 6fb43ccd2c6698dc027c48cf61d7b40b9faccbaa717c14eef207d4312ab9eb9497af6ae70191021bf3166d6bf703a248d509b327d4b05b126449e87a0cae7cc2
SSDEEP: 384:NZMO4CXWoRNt7oAbiKuWiO9fjQ/1/ZMzUFeM/Dd:NJ4CGoRNPGG8/96UUcDd
Score: 6/10
Signatures:
- Adds Run key to start application

Target: c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Size: 1.2MB
MD5: e11502659f6b5c5bd9f78f534bc38fea
SHA1: b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b
SHA256: c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15
SHA512: 86c8d4556c9e0b7d60ccbfee430eb322388449506ab515549cb8d2785582671f2dc2d2a3bd9daded9853caa8bf94d9f92603a3bc527172a85dc7a83d701f7fd0
SSDEEP: 24576:645Rt4El7fc/TFJzjJUgrrCq5sNIwQsUGy1q7a9DlIACTp+kqGslRG:Rjt4El7fc/TFJWstwQsPdSDuACTpqhG
Score: 10/10
Signatures:
- LockerGoga: LockerGoga is a ransomware family used primarily in targeted, disruptive attacks.
- Renames multiple (3721) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Drops desktop.ini file(s)

Target: cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe
Size: 48KB
MD5: 84ff01e9ca8fec60ba0c7715ca378336
SHA1: 8bafa6673b762145b008496467a9ad8cfc18e4b9
SHA256: cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348
SHA512: 668be10b19fd0f47a0409ab0d46b5d078122eeb602452c37bee27970495ec9b8ae20e598b4a4d530a976dc80948be0f6d50e6fec78303941f4bf40df180e4ed6
SSDEEP: 768:NZ/MQ+jmgyuQY6y4ViNpc3ayjctUp79Glm:N5MUo4qK3wlm
Score: 6/10
Signatures:
- Adds Run key to start application

Target: d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe
Size: 190KB
MD5: 0333e4014e84e0cd41a4be7fab09926b
SHA1: 2e84153ec64edadca3ac7a9b847eb6c651396525
SHA256: d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78
SHA512: d9838b90083625939c644a3b80ad820cbbc5991669ac499612f82e301c553f235743cfd35a2a87cd63e7b6bedf3f57b0bd42e88ef9d9450e9d868b95ec8e6c33
SSDEEP: 3072:3bXCLlcSmk8NNFLehmqbayd4yCVY16YAaMDJvKqJHTwqlQNNJE5AkqA:3byLlcq8tYZbay6Y0YgDdKUHThKNI
Score: 10/10
Signatures:
- Dharma: Dharma (also tracked as CrySiS) is a ransomware family; one known distribution campaign bundled it with a legitimate security-software installer to mask its activity.
- Renames multiple (317) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b.exe
Size: 28KB
MD5: af62cca39cdf2faa1a3e9b422afee8b9
SHA1: 5714a48c24d79cf820c98ec3575ef4f0b7b7c921
SHA256: db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b
SHA512: c7ad2ef82f1f1a23ffa5ebcba8efca1dc8aa788847cab8d2693cf082f85e2e87979b92c559c69e60bc119929912c105e40c00aa9fe2f09d1cf8ad9e8fc3c4d13
SSDEEP: 192:0P9IGUkZxXgGEmqnpbXf206LF9+qQ/1nwzJvZvdW9+2Cp92xR4qVeMNazlQF9gR:nGlJEmqx2029+qQ/1nZM2eMNazWm
Score: 6/10
Signatures:
- Adds Run key to start application

Target: dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf.exe
Size: 478KB
MD5: 1575ea1792ec080b7825066f02a5dddc
SHA1: e647358f934f78866d1f97079f66c46448efd2f0
SHA256: dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf
SHA512: 1e492379bea54ccc2db48b1bd2ded0d77470ae960a6f78e681647526b29152a4a1ca27acca9c7181477af3c19a4e4eac0182a259fd32893b33b33f40fe14e120
SSDEEP: 12288:RDVeMVRoTGavS3bRmuAyEzHU4tmo1BaKBiNr:pVeMVRo/W9mu3EzHU4co1BaKc
Score: 10/10
Signatures:
- Buran: Buran is a ransomware-as-a-service offering derived from the VegaLocker family and first identified in 2019.
- Clears Windows event logs
- Renames multiple (7242) files with an added filename extension: mass renaming that appends an extension is consistent with ransomware encrypting files across the system.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4.exe
Size: 44KB
MD5: f385069ebb01e0bbcff4abdbbe5e6a8e
SHA1: f2b48673e4c70e72e1f34cd88614cc0d5594fa94
SHA256: e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4
SHA512: d814e8112c283fa9e3fc33f54db2dc2d80e19b448d1e0d012a2838505a7af75d0814f9199462cb5a51e9fc055f30762af8830a730907f32ec66f9403b2c968d3
SSDEEP: 768:cKLuj2C0bJjtAgLHL3GUME2ctbTn/YcaPC:eQtAqe2TnuK
Score: 1/10

Target: f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6.exe
Size: 7.0MB
MD5: 3beee8d7f55cd8298fcb009aa6ef6aae
SHA1: 672a992ea934a0cba07ca07b80b62493e95c584d
SHA256: f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6
SHA512: 12bd64d10620c1952127c125e7beb21b3727d8afb6440d48058785267b227a534ee6112d84372749496481cb6edb5c90eeb159689b443fe0f10f4a9202a83a5f
SSDEEP: 196608:gUWfTu5s5E6s6eLL1mkJ2Z9Jq5dOYo+SJVTXOD0ch:gUWfTuK5E6s6sBmKk9JMo5/eN
Signatures:
- ACProtect 1.3x - 1.4x DLL software: the file is protected with the ACProtect packer.
- Loads dropped DLL
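Several targets above carry the "renames multiple files with added filename extension" signature, with counts from a few hundred (the Dharma tasks) to over eighteen thousand. The Python below is an added example, not the sandbox's own signature logic, of that heuristic over (old_path, new_path) rename pairs, which is what a file-system monitor or a before/after directory listing yields: it keeps only renames that append a suffix to the original name within the same directory, counts files per appended suffix, and flags a suffix once the count crosses a threshold. The events are constructed; the threshold is an assumed tuning value; and the ".id-XXXXXXXX.[email].ext" pattern it additionally parses is an analyst assumption about Dharma/CrySiS naming, included because the Dharma tasks above drop Info.hta notes carrying contact mailboxes.

```python
"""Heuristic for "renames multiple files with added filename extension".

Added example, not from the sandbox report. Input is (old_path, new_path)
rename pairs; the events below are constructed, RENAME_THRESHOLD is an
assumed tuning value, and DHARMA_RE encodes an analyst assumption about the
".id-<8 hex>.[contact].<ext>" naming of Dharma/CrySiS.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

RENAME_THRESHOLD = 20          # assumed tuning: files gaining the same appended suffix

DHARMA_RE = re.compile(
    r"\.id-(?P<vid>[0-9A-Fa-f]{8})\.\[(?P<contact>[^\]]+@[^\]]+)\]\.(?P<ext>[A-Za-z0-9]{1,12})$"
)


def appended_suffix(old: str, new: str) -> Optional[str]:
    """Return the suffix appended to the filename, or None if this is not an append-rename
    (moved to another directory, or renamed to an unrelated name)."""
    old_dir, _, old_name = old.rpartition("\\")
    new_dir, _, new_name = new.rpartition("\\")
    if old_dir != new_dir or new_name == old_name or not new_name.startswith(old_name):
        return None
    return new_name[len(old_name):]


def dharma_details(suffix: str) -> Optional[Dict[str, str]]:
    m = DHARMA_RE.search(suffix)
    return m.groupdict() if m else None


def analyse_renames(events: Iterable[Tuple[str, str]],
                    threshold: int = RENAME_THRESHOLD) -> Dict:
    per_suffix: Counter = Counter()
    example: Dict[str, str] = {}
    for old, new in events:
        suffix = appended_suffix(old, new)
        if suffix is None:
            continue
        per_suffix[suffix] += 1
        example.setdefault(suffix, new)
    hits = []
    for suffix, count in per_suffix.most_common():
        if count < threshold:
            continue                          # a few .bak renames are not an encryption run
        hit = {"suffix": suffix, "count": count, "example": example[suffix]}
        details = dharma_details(suffix)
        if details:
            hit.update({"family_hint": "Dharma/CrySiS",
                        "victim_id": details["vid"].upper(),
                        "contact": details["contact"],
                        "ext": details["ext"]})
        hits.append(hit)
    return {"renamed": sum(per_suffix.values()), "hits": hits}


def constructed_events() -> List[Tuple[str, str]]:
    """Constructed rename stream: one encryption run plus benign noise."""
    events = []
    suffix = ".id-A1B2C3D4.[admin@fentex.net].xyz"    # constructed id and extension
    for i in range(25):
        old = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append((old, old + suffix))
    # benign: a move between folders and a plain rename; neither appends to the old name
    events.append((r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"))
    events.append((r"C:\Users\Admin\Documents\draft.txt", r"C:\Users\Admin\Documents\final.txt"))
    for i in range(3):                                   # a few .bak renames, below the threshold
        old = rf"C:\Temp\log{i}.txt"
        events.append((old, old + ".bak"))
    return events


if __name__ == "__main__":
    print(analyse_renames(constructed_events()))
```

Grouping by the appended suffix rather than by file count alone is what keeps the false-positive rate down: backup tools and editors append extensions too, but not to hundreds of files with an identical suffix inside one run, and when the suffix carries a contact address the rename stream alone tells you which mailbox to search for in the notes.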
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (12): Registry Run Keys / Startup Folder (12)
- Pre-OS Boot (2): Bootkit (2)
- Create or Modify System Process (1): Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (12): Registry Run Keys / Startup Folder (12)
- Create or Modify System Process (1): Windows Service (1)

Defense Evasion
- Modify Registry (22)
- Indicator Removal (11): File Deletion (10)
- Pre-OS Boot (2): Bootkit (2)
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Subvert Trust Controls (1): Install Root Certificate (1)
- Hide Artifacts (1): Hidden Files and Directories (1)