Resubmissions

28-03-2024 15:06

240328-sgx9sshb9x 10

28-03-2024 14:55

240328-sar47sha3x 10

General

  • Target

    WinRAR-ZIP-Archiv (neu).zip

  • Size

    661KB

  • Sample

    240328-sgx9sshb9x

  • MD5

    3fb9302a9bb732ead22e983216cf9ce2

  • SHA1

    dde895a60d2e66a268ffca1e9c251cab6097a027

  • SHA256

    c8b41de669363ff7fecae244b46fcc2455cf09c10fd783815094659f912ee326

  • SHA512

    cabe19f842bda50b7d979f32217f3e95e6e0e2ac8b5827080939549e05931ee0a8cde9be7d41664a0be243b33dbddea1df0ccbebbf87004e801441a414f0ee39

  • SSDEEP

    12288:dcjOSQr11lCeqDBLT1VFj/ofBWy0tVKmhxfQRcQ2qq0HKiDSfutT/a8PBN:uaSQJ1ll0V5ofx0tVKCxfQRcQ2EH2fuf

Targets

    • Target

      215c37360388d16653ffc1740c639d486753a9db69a8ad4f3e1b172b1b712df4.exe.old

    • Size

      32KB

    • MD5

      9de48e7cfc2bc56631387e527f859efd

    • SHA1

      959b863e84103132f89a10a7fd6981771881f763

    • SHA256

      215c37360388d16653ffc1740c639d486753a9db69a8ad4f3e1b172b1b712df4

    • SHA512

      0f899f44536b651b97204dd876013796c6835d0562d04c479ba3b73032ab15edc8307f9f2d96057a673a5f12be16e85a084dc73e6c76b73f8646e8f354bea2f7

    • SSDEEP

      768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpNEmK/4BM:o1KhxqwtdgI2MyzNORQtOflIwoHNV2Xo

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9.exe.old

    • Size

      208KB

    • MD5

      12bc78e07cb69dd6ec32729240dbe537

    • SHA1

      7b7d9b115ec10074f7166ec3379fead6e816da59

    • SHA256

      5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9

    • SHA512

      c974592671b081d0af48c1aab9f9f02243773a081d9fadf70e3caa7454dca657b45bece27852397e74f601df1abdf5db496c821a5df624057355fd15c807e15a

    • SSDEEP

      3072:GXbUMNAwQ2Jpo/AkQCUyevi8xRpz81NADJ2:ibUMKwQ2J4ReviSjeKN

    • CryptoLocker

      Ransomware family with multiple variants.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Target

      8d2f2ee24882afe11f50e3d6d9400e35fa66724b321cb9f5a246baf63cbc1788.exe.old

    • Size

      362KB

    • MD5

      7fefb77a270715166ddd1e323695a9bd

    • SHA1

      a8bf6a35a9605932332d44ff6983a83febb0b99f

    • SHA256

      8d2f2ee24882afe11f50e3d6d9400e35fa66724b321cb9f5a246baf63cbc1788

    • SHA512

      de27be7ce7bc5443f0117d0cf0ec9e02266339a23c07a966baa741cd736d3539c7806801186fe3a940f843da4b0b4ebbd55e8c50d6c32c760ef578b17f48b121

    • SSDEEP

      6144:XW8Abuyx83ECgS8DBN8+betvD0tU0qOixjuxduaZ2YjkwEL/S:m8uxp9C+SqiyduMzkwEr

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (1636) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

    • Target

      d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9.exe.old

    • Size

      338KB

    • MD5

      04fb36199787f2e3e2135611a38321eb

    • SHA1

      65559245709fe98052eb284577f1fd61c01ad20d

    • SHA256

      d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

    • SHA512

      533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

    • SSDEEP

      6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv

    • CryptoLocker

      Ransomware family with multiple variants.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      f8da280bb9f81028c14d1e156d6685cdb5f75219a60f645f72e520fb5e388712.exe.old

    • Size

      15KB

    • MD5

      aedb1ad5304921ac3883570ebb647a29

    • SHA1

      eb91ca0baf1e7be6b538871714c727232a981acf

    • SHA256

      f8da280bb9f81028c14d1e156d6685cdb5f75219a60f645f72e520fb5e388712

    • SHA512

      6bbe14d668223b1b43e4ce9f7a75eb5892a2cd917b9e725edfda490113860a2ba8971cdbdef33e60a473fd0f831af1812ee6c4671f64be2c45958fa68fe4e88c

    • SSDEEP

      384:nl+IiU+Xh2GFstXnzVmzN/Gv2utvWmIptYcFwVc03K:ox2GGtpG6NfctYcFwVc6K

    • Score

      10/10

    • Modifies WinLogon for persistence

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 2
  • Registry Run Keys / Startup Folder (T1547.001): 1
  • Winlogon Helper DLL (T1547.004): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 2
  • Registry Run Keys / Startup Folder (T1547.001): 1
  • Winlogon Helper DLL (T1547.004): 1

Defense Evasion

  • Indicator Removal (T1070): 4
  • File Deletion (T1070.004): 4
  • Modify Registry (T1112): 3

Credential Access

  • Unsecured Credentials (T1552): 1
  • Credentials In Files (T1552.001): 1

Discovery

  • System Information Discovery (T1082): 3

Collection

  • Data from Local System (T1005): 1

Impact

  • Inhibit System Recovery (T1490): 4
  • Defacement (T1491): 1