General
Target: Optimizer.exe
Size: 2.4MB
Sample: 240511-kzzatadb68
MD5: cc4ed359031db8b3816f280a0cbda217
SHA1: 537f393978f91eef2ac22ce82ee1b2f9c6dd2d72
SHA256: 26c64c2fafcd264b8130462ff6e40a6498ec6937fe95d5e83964388ae9597c4d
SHA512: e443b5cb8b86a919a800825204624b651b5196e043d83529014625d7e161a6f7a6083857d2415eaa6293cf312389fbf39ea9a338307e8270dcc4812136e84077
SSDEEP: 24576:S2mofuHtzyxlMOlJv8EC8KJWGlF+Bjk38WuBcAbwoA/BkjSHXP36RMG:S2msuHtzyxl+EC8KoVCSA/Bkj0
Static task: static1
Behavioral task: behavioral1
  Sample: Optimizer.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: Optimizer.exe
  Resource: win10v2004-20240426-en
Malware Config

Targets
Target: Optimizer.exe
Size: 2.4MB
- Modifies visibility of file extensions in Explorer
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Disables use of System Restore points
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
- System Services (2)
  - Service Execution (2)
- Windows Management Instrumentation (1)
- Command and Scripting Interpreter (1)
Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)