8ee557ebd3b08beb47d88321d3f426679f63c807785ff84ddb039f63e1fb7287

Sharing

Copy URL

Twitter E-mail

General

Target

Optimizer.rar
Size

66.1MB
Sample

240425-1lfjjsfd5v
MD5

7a1ca1a6d57c60d3bc7743147678541d
SHA1

cc3696a7c1c88323e35c06489d21310cb1b6a1c1
SHA256

8ee557ebd3b08beb47d88321d3f426679f63c807785ff84ddb039f63e1fb7287
SHA512

f4a4c85facff1ede00fd9950122eb49ba4bd1d31ff48fd7e2a2a471f13bf78f4b1380ed0b2dacc261163fe02895d78240070d733a5451df6bd0c71ed42f1d434
SSDEEP

1572864:orziNx5qZ2ESk5TSa/wxlwUdZyEvDK9ftjEUUI:Dx5qZ95TZwxltPyVfXUI

Score

10^/10

evasion ransomware

Malware Config

Targets

- Target
  
  Optimizer.rar
- Size
  
  66.1MB
- MD5
  
  7a1ca1a6d57c60d3bc7743147678541d
- SHA1
  
  cc3696a7c1c88323e35c06489d21310cb1b6a1c1
- SHA256
  
  8ee557ebd3b08beb47d88321d3f426679f63c807785ff84ddb039f63e1fb7287
- SHA512
  
  f4a4c85facff1ede00fd9950122eb49ba4bd1d31ff48fd7e2a2a471f13bf78f4b1380ed0b2dacc261163fe02895d78240070d733a5451df6bd0c71ed42f1d434
- SSDEEP
  
  1572864:orziNx5qZ2ESk5TSa/wxlwUdZyEvDK9ftjEUUI:Dx5qZ95TZwxltPyVfXUI
Score

3^/10
behavioral1 behavioral2
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/+fps.cmd
- Size
  
  8KB
- MD5
  
  1528c354659b8af86e4d34dcdef117d0
- SHA1
  
  f3888634ff4bcb3722b9769c7d9e3a0756391805
- SHA256
  
  8b5da8b832888f1636aa6a8f4faef318d64e5f3df97b8d812a567c383bf11461
- SHA512
  
  fd28c9421664fa144d828f8b53b0296c669f6f7210e2205c09425af943e16d0047e25ecc72f2fa7ce0d49716a2491a3e9221880cdb8d0f2c51af58f4761a3c04
- SSDEEP
  
  96:INiYN390rny3Qj/7onQ6bTh9aGoZiTAsan0jSr15iFhEQHDddL/UT6yaJx4IFTbw:sCk+zi1fLE/4XayT2h8/+hRCB4T
Score

1^/10
behavioral3 behavioral4
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/Desabilitar Serviços.cmd
- Size
  
  1KB
- MD5
  
  883d6b95f1dd95e5a17febc03735152e
- SHA1
  
  23c76b6bbd615934d309c0f6df0161a2dd8f19a6
- SHA256
  
  f0c263cba371d8655ce5b551bbfe36ea5f9991baf204a7be428d5c483eac3b88
- SHA512
  
  23bd52aaf707f542da4f2262a0ba0f161ffaa853241c5b27c9f377f81f1d50e64a6ff84c6a6db31702ef9fb4ffef532da4ee9032fc1f7bd173ffadeb1f0b60a0
Score

8^/10

evasion
- Stops running service(s)
  evasion
behavioral5 behavioral6
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/EXECUTAR APOS SEMPRE QUE LIGAR O PC/LIMPEZA 01.BAT
- Size
  
  448B
- MD5
  
  a7e38a8ca9bc65cd358e91e1792876c4
- SHA1
  
  604b10ea4ae7504c5b524f7b3f334dd750ad4a80
- SHA256
  
  72b4a4ec88ee7be9fcb7da30af553821556db244b32df6907a9f6c0ea52bb2c5
- SHA512
  
  645c312fe0604acd50efb6460c392437bf2173955cbc5668c287603ffd2930ea62c331066848d1bae9d04716dd204a1763d16dd99fd850ecf3d58e964774cf1a
Score

7^/10
- Deletes itself
behavioral7 behavioral8
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/EXECUTAR APOS SEMPRE QUE LIGAR O PC/LIMPEZA 02.BAT
- Size
  
  334B
- MD5
  
  1baddd0eb628e864a5321df697ae329f
- SHA1
  
  a447469e6cea2a66cb77dfc9f38549cbc3532334
- SHA256
  
  332e76fc9d31431ba53dd009b7ae147ca08d62d85f9ef3e7a54c186cdbac4048
- SHA512
  
  62bfc6d01d825b1da9904a7f9bcdb1bbbc17defd22b4212d383ce8bd62c89e27a2f1bb8d61d2fbdceec9f38da89501606c17db555cd3f8a537712593626aa1fc
Score

4^/10
behavioral10 behavioral9
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/FPS..bat
- Size
  
  816B
- MD5
  
  82f759f2374e49556aa12fb365110bbf
- SHA1
  
  b366eb434509837a56b0977decfb9d0b9d219bf7
- SHA256
  
  593cb9245762ec299f18a1abd3ef28e5311771dafe03d3710c2d5f44023e821e
- SHA512
  
  992a0c13b79a6fb6620c0b8c80169bfcca5d63a4a90283964df7a2be6ef6d499c17da017a50dd342e1634c3d48672def9b256bbd007b0fc8e2f397661412fa42
Score

7^/10
- Deletes itself
behavioral11 behavioral12
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/Otimizar RAM 2.bat
- Size
  
  715B
- MD5
  
  330113e518075fbdd0d3d8d8b0070b09
- SHA1
  
  fdbf0cd4533c5c230d7652739251d31941ee219d
- SHA256
  
  c8a50f056e5e72765dd62f44ae092740bb4d062f08c3656ab2d80b9ef6db1c4c
- SHA512
  
  b55602d9c81c7e2092c37951abad6f132629a76e2142a57f275aa9bb4b50ef6220491bcaba9b9339c19f49ca1460bd7cad0c5e5a3c7451704c0af13a44a20c7b
Score

1^/10
behavioral13 behavioral14
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/Otimizar RAM.bat
- Size
  
  436B
- MD5
  
  17f97bf8dffc50a4422e921e2e4ecab2
- SHA1
  
  19a2fc6b67fa6dacab4ab52f1b74eaa5e25b85b3
- SHA256
  
  1dce8473699ce23af3243445fbedd129329791832f488449e90d515798c27f27
- SHA512
  
  fa6fb5692082f132ad8419fdadd8b18fd40ca8d0a5b51b4aafd4a6bc5c6c4aac1dc46ffefc396acea56fb08da853707b9322b4c370657f7e942e52d40558dfde
Score

1^/10
behavioral15 behavioral16
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/desktop.ini
- Size
  
  68B
- MD5
  
  3d9defa6d648ad10524f8ec3a44a251e
- SHA1
  
  1236419b907bcc170fe71b7eceb5132a98d9023c
- SHA256
  
  e6eb0caa269ce0289d60fdcc3c67d5fd135a0eee86ca068378ad527c524f2db8
- SHA512
  
  27770d58eb831bc91236ea3ea05a12698cfbc841dcaa4605076bec2d3b21ff9a732e23a39745a0ebf48999056283915c78537636e230fb9a02638b95c0aa2028
Score

1^/10
behavioral17 behavioral18
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/limpar.bat
- Size
  
  506B
- MD5
  
  b4b71884204c27644f0c734fdf1a42c1
- SHA1
  
  b383c8a0b887b406abe97c581a943ed8bb3ce645
- SHA256
  
  be1e6c98112189daee8582926e1bee61752ddf0c25985930dacafdea525d26e0
- SHA512
  
  71fe7d0f92a18eaa1c767a63c42b946715fb8e5541f8c4cf931d1e6c3d9bdd845196e9ee6fc08af85a34bedd8ccd607baf196fb654b48af2c75c7bd1d8f0a19d
Score

7^/10
- Deletes itself
behavioral19 behavioral20
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/+FPS/memreduct.exe
- Size
  
  302KB
- MD5
  
  fe8eb129610e454ad17b9d6ccbf1df8b
- SHA1
  
  28cfddbc7faf2e66aee0eec673c7eb7beab25510
- SHA256
  
  8cea4adf5febfa9528d01259bf9b70afdb814ce8b41605b8c619a9738a9c9414
- SHA512
  
  4aa488a5844eb65fe0f72d1ab325ba07a40fa0cae658bba38f59260c1467d5c902ae8bcd6d8e2f15a5c81139147155948f99a0e303ecca001f24a58d5c5de399
- SSDEEP
  
  6144:62uLW2PbSyXuF4a4gLZRE65J3EvgxxEvM:6hBTavRh5J8qxEvM
Score

8^/10
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral21 behavioral22
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/01 Desativar DVR 1.reg
- Size
  
  122B
- MD5
  
  91f5d561019178288fdb2d45df798ccd
- SHA1
  
  c1fa51d830a7836fa533c0a89644884aa6e8007b
- SHA256
  
  c959b61590e4ca9c33cc9871ae6d77b5586c2c3f26701624a5426be72828894e
- SHA512
  
  9af41b0b90035cb9043508942d302bcc4af6b60ef1194febe68f61b2381a26d9475ebc964d940dbbab05b7549b70644f2d7afb3f36a7bb87d13ca982cfaa458b
Score

1^/10
behavioral23 behavioral24
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/Deletar Arquivos Temporarios.lnk
- Size
  
  1KB
- MD5
  
  1f8ea3059e55ee19e6986fb212590806
- SHA1
  
  13e443ea63141ba9921297d32d906c5473ce54d5
- SHA256
  
  bfeaaaffcb98b00345937a86c3757b862662159fd49f187ca46f7c2351c042dc
- SHA512
  
  53161c44cf026e610a6ccebfd0ac998b45df1925d1397494b9677e334e0e242081be29d801eab10fd22b1e2f7641829963eebe11e01ddb3fa81ca545b94b582b
Score

3^/10
behavioral25 behavioral26
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/Desativar windows update.bat
- Size
  
  2KB
- MD5
  
  d587125749f254870fe3f571a777a1b6
- SHA1
  
  7d6845cf9930fc137c351f792196cbadf0a2627a
- SHA256
  
  6be454fca098998c5e44e5f59370b265f80fe7ac54bc9af59e665c747aaed3d9
- SHA512
  
  5eea06f6a9ba64fa5c839b196af2203036d686d46ba006746eb4ea1832ed0ac7045a84afd1387e98de425dcf3671d2809984d28ab22b1c53a3d879fc62bfaffa
Score

10^/10

evasion
- Modifies security service
  evasion
behavioral27 behavioral28
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/Limpeza automática.bat
- Size
  
  824B
- MD5
  
  b741f2a2026378cfc69acc3393eba109
- SHA1
  
  1066d6b0b1648d291a635f0dd0ca3b3d3e68b8a8
- SHA256
  
  e0d757843483dadf7e2f51a526f8dbdfa2091e3a32133833535c0622ea082f84
- SHA512
  
  def0b6a0e2fc776051e54fe95818b7a7a68905c3c38824d691ff092bb62c5502084d2f435cf4935e5c49fc131165efac03c116ab1f6ef8aaeb5e0a003067c63f
Score

7^/10
- Deletes itself
behavioral29 behavioral30
- Target
  
  Optimizer/Pack Optimization/1. Otimizar Windows/OTIMIZAÇÂO.bat
- Size
  
  3KB
- MD5
  
  52068170426b58f4d06f488e8078463e
- SHA1
  
  c75b7a28910380de0978b7a16a904ff4527d8711
- SHA256
  
  1ada262f7172b7001a8464ddeab258b224db0710faa333fa57f63d0706977864
- SHA512
  
  cf7fcb738a72ae6e43228bf16b84f53a54163a9e3f0cc3c675f9673424748fc1548ce238c253dae641b2cd80843862b4411a53f5a0468bf171240c2a80f49323
Score

9^/10

evasion ransomware
- Clears Windows event logs
  evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Stops running service(s)
  evasion
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Indicator Removal

T1070

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Stops running service(s)

Deletes itself

Deletes itself

Deletes itself

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Modifies security service

Deletes itself

Clears Windows event logs

Modifies boot configuration data using bcdedit

Stops running service(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32