Overview

overview

10

Static

static

3

loader_2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader_2.exe

  • Size

    15.8MB

  • Sample

    240426-2xf5wsdg97

  • MD5

    f9ad8a7c92d0921a26e24f29930d6a5a

  • SHA1

    3b9435006ebb4e19cea30409386e0a5cdabf77c2

  • SHA256

    7e7a07eb82913a55b139630604f80586c414be285ed0e588e72f50815ab07ea4

  • SHA512

    3e7accb79af061a1895049f069877c6d30a2da7be5700bbf44b0ed2259fa689dbdf25c9a5c498414b10409fc744caebde3d5f5bd011227ebc38148486feff6fe

  • SSDEEP

    393216:YVEe/6F7EkUN3GBYzInRdGlSohPvdHbEuHL23HYQKCI:X261YWqwG4SXd7E4iIdCI

Score
10/10
ransomware

Malware Config

Targets

    • Target

      loader_2.exe

    • Size

      15.8MB

    • MD5

      f9ad8a7c92d0921a26e24f29930d6a5a

    • SHA1

      3b9435006ebb4e19cea30409386e0a5cdabf77c2

    • SHA256

      7e7a07eb82913a55b139630604f80586c414be285ed0e588e72f50815ab07ea4

    • SHA512

      3e7accb79af061a1895049f069877c6d30a2da7be5700bbf44b0ed2259fa689dbdf25c9a5c498414b10409fc744caebde3d5f5bd011227ebc38148486feff6fe

    • SSDEEP

      393216:YVEe/6F7EkUN3GBYzInRdGlSohPvdHbEuHL23HYQKCI:X261YWqwG4SXd7E4iIdCI

    Score
    10/10
    ransomware

    • Deletes NTFS Change Journal

      The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Data Destruction

1
T1485

Resource Development

Reconnaissance

Tasks