General
-
Target
2024-05-18_84c79e107bbd18a74c63814e7c539d16_bkransomware
-
Size
528KB
-
Sample
240518-z1kalsfg4z
-
MD5
84c79e107bbd18a74c63814e7c539d16
-
SHA1
c6c641a9f167d0a4d7f880e4886874eb090ba674
-
SHA256
eb9361f95836f73003afcac339770452bb718f91d431f8a0348886b5c39437c3
-
SHA512
299f8d51634e766e745e427555a70bc634a0393b48d7f6cab2b2d6068f69aa412edd44af59eb4aef26694d44f8c2543c837c3d35b5f5b68a4f678806999a8f7e
-
SSDEEP
6144:eoyZmTAsfJFakxaLjcMkc0Cax1PUGp6bYA0w601+dNT9/0626ASkVOAFmplN7YR7:eoyIJsMPrPhp6bYboEdNDUp
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-18_84c79e107bbd18a74c63814e7c539d16_bkransomware.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-05-18_84c79e107bbd18a74c63814e7c539d16_bkransomware
-
Size
528KB
-
MD5
84c79e107bbd18a74c63814e7c539d16
-
SHA1
c6c641a9f167d0a4d7f880e4886874eb090ba674
-
SHA256
eb9361f95836f73003afcac339770452bb718f91d431f8a0348886b5c39437c3
-
SHA512
299f8d51634e766e745e427555a70bc634a0393b48d7f6cab2b2d6068f69aa412edd44af59eb4aef26694d44f8c2543c837c3d35b5f5b68a4f678806999a8f7e
-
SSDEEP
6144:eoyZmTAsfJFakxaLjcMkc0Cax1PUGp6bYA0w601+dNT9/0626ASkVOAFmplN7YR7:eoyIJsMPrPhp6bYboEdNDUp
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5