Overview

overview

9

Static

static

1

sample.js

windows11-21h2-x64

9

Resubmissions

01/05/2024, 17:14

240501-vsfj8sbh7y 9

26/04/2024, 18:08

240426-wrcydsaa6y 1

26/04/2024, 18:06

240426-wp9jksaa5t 1

26/04/2024, 18:04

240426-wnkttshh81 4

26/04/2024, 18:00

240426-wlsfwsha92 4

Sharing

Copy URL Twitter E-mail

General

  • Target

    sample

  • Size

    82KB

  • Sample

    240501-vsfj8sbh7y

  • MD5

    fcd9409e118563034437873e3970cd41

  • SHA1

    c1f415ba7edaf4c36df0bf551c208aa4361f9e0a

  • SHA256

    e7fef8cf84638066b0991bf6a6fd8842e35ada8a0ce50f9b51afc390ab0c3a8e

  • SHA512

    2ae93aab56e51eaf891017531a05f61b6b3efde4c64210663ec256b7b839b17c204d281506380cc5ed388b2a0bdd1be5d52caf3093ae4c52779729f8c91026f3

  • SSDEEP

    1536:zqcEYq4NOFYWvjpA8KQkeSVN0NtsJtkt0xo8J:GcEYqmOjpOtS0j

Score
9/10
adwarediscoveryevasionpersistenceransomwarestealertrojan

Malware Config

Targets

    • Target

      sample

    • Size

      82KB

    • MD5

      fcd9409e118563034437873e3970cd41

    • SHA1

      c1f415ba7edaf4c36df0bf551c208aa4361f9e0a

    • SHA256

      e7fef8cf84638066b0991bf6a6fd8842e35ada8a0ce50f9b51afc390ab0c3a8e

    • SHA512

      2ae93aab56e51eaf891017531a05f61b6b3efde4c64210663ec256b7b839b17c204d281506380cc5ed388b2a0bdd1be5d52caf3093ae4c52779729f8c91026f3

    • SSDEEP

      1536:zqcEYq4NOFYWvjpA8KQkeSVN0NtsJtkt0xo8J:GcEYqmOjpOtS0j

    Score
    9/10
    adwarediscoveryevasionpersistenceransomwarestealertrojan

    • Renames multiple (125) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks