General

  • Target

    .

  • Size

    18KB

  • Sample

    240328-df8ltabc33

  • MD5

    280a1f12f3acc89e9f65c9add4c4c0e8

  • SHA1

    48d1e8f0f2642321a458824fb3fdf38f01b2ab90

  • SHA256

    c8b72c6ec96339cd96995d01bb7326009872f6e2e476bae67ae428c6d2cf731a

  • SHA512

    ab20dfdc6869fd79c1afe846aa4d70914a1195a6553145a938f078f74034c7a8aadfbbf050c2d707de3a0522d594c4e14b86bbf37087015484835f43cd1dcdfa

  • SSDEEP

    384:rZY3mIg4GDpmReVoOs4TN9ylKeGMbU8HhhbHPU7rS2LjFrSb+8VJCBXQL:rZb2GBVoOs4TryI1MjBhbvC7FrSzJQQL
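Before pivoting on anything in this report, confirm that the file you hold is the sample it describes. The Python below is an added example, not part of the sandbox report: only the four digests in REPORT are copied from the page; the streaming helper, the comparison and the sample bytes used to exercise it are assumptions. hashlib has no SSDEEP, so the fuzzy hash is not checked.

```python
"""Check that a file on disk is the sample this report describes before
acting on its findings.  Added example, not part of the sandbox report.
Only the four digests in REPORT come from the report; the rest is assumed.
hashlib has no SSDEEP, so the fuzzy hash is not compared here."""
import hashlib
from typing import Dict, Iterable, List

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report.  "18KB" is rounded there, so size is not compared.
REPORT: Dict[str, str] = {
    "md5": "280a1f12f3acc89e9f65c9add4c4c0e8",
    "sha1": "48d1e8f0f2642321a458824fb3fdf38f01b2ab90",
    "sha256": "c8b72c6ec96339cd96995d01bb7326009872f6e2e476bae67ae428c6d2cf731a",
    "sha512": "ab20dfdc6869fd79c1afe846aa4d70914a1195a6553145a938f078f74034c7a8"
              "aadfbbf050c2d707de3a0522d594c4e14b86bbf37087015484835f43cd1dcdfa",
}


def digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """One pass over the data, all four digests computed together."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hs.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hs.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file so large samples are never read into memory at once."""
    with open(path, "rb") as f:
        return digests(iter(lambda: f.read(chunk_size), b""))


def mismatches(found: Dict[str, str], report: Dict[str, str] = REPORT) -> List[str]:
    """Names of digests that disagree with the report; empty means same bytes.

    Trust the SHA-256/SHA-512 result: MD5 and SHA-1 collisions are practical,
    so two different files can share those while differing in the others."""
    return [a for a in ALGOS if found[a].lower() != report[a].lower()]


if __name__ == "__main__":
    import sys
    found = digests_of_file(sys.argv[1])
    bad = mismatches(found)
    print("same sample as the report" if not bad else "differs in: " + ", ".join(bad))
```

Run it as `python check_sample.py <file>`; an empty mismatch list means the bytes are the ones the report analysed, anything else means you are looking at a different file (or a different build of the same family) and the behaviours below may not apply.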

Targets

    • Target

      .

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry
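The three registry-driven behaviours in the list (Winlogon modification, disabling RegEdit, setting the wallpaper) are easy to hunt for in endpoint telemetry. The Python below is an added example, not code from the sandbox report or from the sample: it maps Sysmon-style registry events to the signature names and ATT&CK IDs the report uses. The registry locations it matches are the usual places these behaviours touch and are an assumption, not data from the report, and the events in SAMPLE_EVENTS are constructed in the shape of Sysmon Event ID 13 (TargetObject, Details), not captured from the sample.

```python
"""Map Sysmon-style registry events to the behaviours this report lists and
to the ATT&CK IDs from its matrix.  Added example, not code from the sandbox
report or from the sample.  Assumptions: the registry locations below are the
usual places these behaviours touch, not values taken from the report, and
SAMPLE_EVENTS are constructed in the shape of Sysmon Event ID 13, not captured."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class RegEvent:
    target: str   # Sysmon TargetObject, e.g. HKLM\...\Winlogon\Shell
    details: str  # Sysmon Details, e.g. "explorer.exe" or "DWORD (0x00000001)"


# Signature text as the report prints it -> sub-technique from the report's matrix.
ATTACK_ID: Dict[str, str] = {
    "Modifies WinLogon for persistence": "T1547.004",
    "Disables RegEdit via registry modification": "T1562.001",
    "Sets desktop wallpaper using registry": "T1491",
}

# Stock values of the Winlogon helpers on a 64-bit install (assumed);
# anything else written there means an extra program runs at logon.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def _dword(details: str) -> Optional[int]:
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None for other types."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-f]+)\)", details.strip(), re.I)
    return int(m.group(1), 16) if m else None


def classify(ev: RegEvent) -> Optional[str]:
    """Return the report's signature name for an event, or None if benign."""
    path = ev.target.replace("/", "\\").lower()
    key, _, value = path.rpartition("\\")
    if key.endswith(r"\microsoft\windows nt\currentversion\winlogon") and value in WINLOGON_DEFAULTS:
        if ev.details.strip().lower() != WINLOGON_DEFAULTS[value]:
            return "Modifies WinLogon for persistence"
    if key.endswith(r"\policies\system") and value == "disableregistrytools":
        if (_dword(ev.details) or 0) != 0:
            return "Disables RegEdit via registry modification"
    if key.endswith(r"\control panel\desktop") and value == "wallpaper":
        return "Sets desktop wallpaper using registry"
    return None


def triage(events: List[RegEvent]) -> List[Dict[str, str]]:
    """Run every event through classify() and attach the ATT&CK ID."""
    hits = []
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.append({"signature": sig, "attack": ATTACK_ID[sig], "target": ev.target})
    return hits


# Constructed events (not captured from the sample): a Shell hijack, a benign
# rewrite of the default, RegEdit disabled for one user, a wallpaper change,
# and a DisableRegistryTools write that leaves the value at 0.
USER = r"HKU\S-1-5-21-1000-1000-1000-1001"
SAMPLE_EVENTS = [
    RegEvent(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
             r"explorer.exe, C:\Users\Public\svc.exe"),
    RegEvent(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
             "explorer.exe"),
    RegEvent(USER + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
             "DWORD (0x00000001)"),
    RegEvent(USER + r"\Control Panel\Desktop\Wallpaper", r"C:\Users\Public\wall.bmp"),
    RegEvent(USER + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
             "DWORD (0x00000000)"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f'{hit["attack"]:<10} {hit["signature"]:<45} {hit["target"]}')
```

The Winlogon rule compares against the stock value rather than matching any write, because installers and group policy legitimately rewrite Shell and Userinit with the default; the UAC bypass and desktop.ini behaviours are left out since the report does not say which mechanism the sample used for them.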

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is how many triggered signatures map to it.

Persistence

  • T1547 Boot or Logon Autostart Execution (1)
      • T1547.004 Winlogon Helper DLL (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)
      • T1547.004 Winlogon Helper DLL (1)
  • T1548 Abuse Elevation Control Mechanism (1)
      • T1548.002 Bypass User Account Control (1)

Defense Evasion

  • T1112 Modify Registry (3)
  • T1548 Abuse Elevation Control Mechanism (1)
      • T1548.002 Bypass User Account Control (1)
  • T1562 Impair Defenses (1)
      • T1562.001 Disable or Modify Tools (1)

Discovery

  • T1012 Query Registry (1)
  • T1082 System Information Discovery (1)

Command and Control

  • T1102 Web Service (1)

Impact

  • T1491 Defacement (1)