Resubmissions
12-05-2024 23:12
240512-268aqsge5x 812-05-2024 23:08
240512-24jjlage4x 1012-05-2024 23:00
240512-2y6f6sbe99 112-05-2024 22:56
240512-2w4jssbe92 1012-05-2024 22:52
240512-2tg8sagd8v 1012-05-2024 22:47
240512-2qptfsbe63 1012-05-2024 22:41
240512-2mlydsbe49 912-05-2024 22:39
240512-2kxxwagd41 1012-05-2024 22:35
240512-2h1kzsgd4s 10General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
-
Sample
240512-1ptkksgc31
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Renames multiple (84) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
6Hide Artifacts
1Hidden Files and Directories
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1