Overview

overview

9

Static

static

3

bsod fix.bat

windows7-x64

1

bsod fix.bat

windows10-2004-x64

1

u237cgatAh2.exe

windows7-x64

5

u237cgatAh2.exe

windows10-2004-x64

5

w11 fix.bat

windows7-x64

9

w11 fix.bat

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    u237cgatAh2.rar

  • Size

    5.2MB

  • Sample

    240427-ceweeshf6v

  • MD5

    dde62c5ddd6c25eeff6a63d884d008c3

  • SHA1

    b213a8cdd20573760c77def7b3a624b78e7d2604

  • SHA256

    58691af22fbd8b84e66bd2d90b606ca66255319bf6077887fa784b83587c8ae3

  • SHA512

    73692e38e211bf8553fbea14221240c9f82fa21e88a807e261c55533ef89285184754d2c943ae16dda3fb2e15e05e283ca932876fa6f2578982d902d9f37063b

  • SSDEEP

    98304:1BXcdFo0lJIIzKdmRqedbGcG94LEGLaXiOD7u6YzA5IbAnOTDtG2RB:1hcvo0nI1dmskGCLEJvy6uAibAnEDvB

Score
9/10
evasionransomware

Malware Config

Targets

    • Target

      bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    behavioral1behavioral2

    • Target

      u237cgatAh2.exe

    • Size

      5.6MB

    • MD5

      0e2c1ee8e6bdb339094ec24026a01e20

    • SHA1

      449972cb63e21bf25d03ad1e85cf87af97c75a2e

    • SHA256

      ffe104f44b6a84074e2305fba55c1cb777446d1dace44c23eaf873536dcc542f

    • SHA512

      c0a71a9d796802bdf7110c8f69ebdaeb9c968df69b41a8bc1ff52f3a4082f40df93085ec278863acc93763ca11114b4eac5278db136540be0bea67aa93c607c5

    • SSDEEP

      98304:6s2vdJmvMwJ2liHiHeCJ+46C2m0B/YMh6FuLChc4n5Gc6jLq:6pdJK/46iHu4525Vh6FuLChRn5l6j2

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    Score
    9/10
    evasionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Resource Development

Reconnaissance

Tasks