c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f | Triage

Sharing

General

Target

malware.txt
Size

7KB
Sample

240519-vqevxsgh94
MD5

6e0473af4fbc9223bb02c4cbbad2ae4e
SHA1

e710bf9f0dc329d34644f869d580eb378bf179ec
SHA256

c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f
SHA512

e0de847f7fe1c0965cc1d2bb019441b7cd05890ba3d19c618a396de334e58dcca2fd5867756fb2f9d80d06f6fd85fc13f12c8c4855eb7844ff99bb3ca67a1444
SSDEEP

96:qD2WSNb8mN8r9f4PPfMSHnx2gqoAqb1j8RW8E/zmdPzWdEKuWP2W9Nukim26I95F:qD8qrZgX7xrCdPidfbj26I9z

Score

10^/10

discovery evasion execution exploit persistence ransomware trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://bonzi.link/Bon.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://bonzi.link/Bon.zip

Targets

- Target
  
  malware.txt
- Size
  
  7KB
- MD5
  
  6e0473af4fbc9223bb02c4cbbad2ae4e
- SHA1
  
  e710bf9f0dc329d34644f869d580eb378bf179ec
- SHA256
  
  c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f
- SHA512
  
  e0de847f7fe1c0965cc1d2bb019441b7cd05890ba3d19c618a396de334e58dcca2fd5867756fb2f9d80d06f6fd85fc13f12c8c4855eb7844ff99bb3ca67a1444
- SSDEEP
  
  96:qD2WSNb8mN8r9f4PPfMSHnx2gqoAqb1j8RW8E/zmdPzWdEKuWP2W9Nukim26I95F:qD8qrZgX7xrCdPidfbj26I9z
Score

10^/10

discovery evasion execution exploit persistence ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Blocklisted process makes network request
- Creates new service(s)
  persistence execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionexploitpersistenceransomwaretrojan