Overview

overview

7

Static

static

3

4404c09ad1...cd.exe

windows7-x64

7

4404c09ad1...cd.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4404c09ad18da9aba1945dfb2975e210ff96ab3698e5c075bd6c8ec57cf854cd.exe

  • Size

    15.2MB

  • Sample

    240419-qtrxfaef3s

  • MD5

    f9faae7acc66819bafd5523f719d5c11

  • SHA1

    c424f400216b27f0fdd919b39fb01920c6e2cfe3

  • SHA256

    4404c09ad18da9aba1945dfb2975e210ff96ab3698e5c075bd6c8ec57cf854cd

  • SHA512

    04269937201c49b42218cae588685507834e9bc6b52b90e95d7f59ffa7183ad1e8d3730bf0075880c71d60ab89e7de32aad692092fba3eebaf727d2525f5cc2b

  • SSDEEP

    393216:CV+M4eN00nY07eFsZETDfDgOREc64qDW8Y3+d9T4Q:CVCeCLsZETb0OZcW8YOd9Tp

Score
7/10
pyinstallerransomware

Malware Config

Targets

    • Target

      4404c09ad18da9aba1945dfb2975e210ff96ab3698e5c075bd6c8ec57cf854cd.exe

    • Size

      15.2MB

    • MD5

      f9faae7acc66819bafd5523f719d5c11

    • SHA1

      c424f400216b27f0fdd919b39fb01920c6e2cfe3

    • SHA256

      4404c09ad18da9aba1945dfb2975e210ff96ab3698e5c075bd6c8ec57cf854cd

    • SHA512

      04269937201c49b42218cae588685507834e9bc6b52b90e95d7f59ffa7183ad1e8d3730bf0075880c71d60ab89e7de32aad692092fba3eebaf727d2525f5cc2b

    • SSDEEP

      393216:CV+M4eN00nY07eFsZETDfDgOREc64qDW8Y3+d9T4Q:CVCeCLsZETb0OZcW8YOd9Tp

    Score
    7/10
    ransomware

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks