Resubmissions
12-05-2024 23:12
240512-268aqsge5x 812-05-2024 23:08
240512-24jjlage4x 1012-05-2024 23:00
240512-2y6f6sbe99 112-05-2024 22:56
240512-2w4jssbe92 1012-05-2024 22:52
240512-2tg8sagd8v 1012-05-2024 22:47
240512-2qptfsbe63 1012-05-2024 22:41
240512-2mlydsbe49 912-05-2024 22:39
240512-2kxxwagd41 1012-05-2024 22:35
240512-2h1kzsgd4s 10General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
-
Sample
240512-2mlydsbe49
Malware Config
Targets
-
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
Score9/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Account Manipulation
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3