Overview

overview

7

Static

static

3

Ention FULL.exe

windows10-1703-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ention FULL.exe

  • Size

    6.2MB

  • Sample

    240523-1m3epsaa2t

  • MD5

    3afdd7b7018fff0ff6c7d378ddc641d6

  • SHA1

    2915697b0e41ec983e489166152cdddf8a13a5f7

  • SHA256

    9755b75a23a85e19954802f757b2f86e5dde5bd661e7dbed2141d89090da924e

  • SHA512

    04435208aa767888c296d007ba25711f5d21d2edc38a6c3271ad8b10d33516f67b04c60f579a5ad48ef34fa09e380b7cd2b0d9959591875b1aae14efb118fed4

  • SSDEEP

    98304:x7LLFjNI2/wH2ra222JahmMcvjDovOiovQVginsS7RCcUy43pk3VnbpL:RZjGuwH2ra0JahCDo209k8spi5pL

Score
7/10
ransomware

Malware Config

Targets

    • Target

      Ention FULL.exe

    • Size

      6.2MB

    • MD5

      3afdd7b7018fff0ff6c7d378ddc641d6

    • SHA1

      2915697b0e41ec983e489166152cdddf8a13a5f7

    • SHA256

      9755b75a23a85e19954802f757b2f86e5dde5bd661e7dbed2141d89090da924e

    • SHA512

      04435208aa767888c296d007ba25711f5d21d2edc38a6c3271ad8b10d33516f67b04c60f579a5ad48ef34fa09e380b7cd2b0d9959591875b1aae14efb118fed4

    • SSDEEP

      98304:x7LLFjNI2/wH2ra222JahmMcvjDovOiovQVginsS7RCcUy43pk3VnbpL:RZjGuwH2ra0JahCDo209k8spi5pL

    Score
    7/10
    ransomware

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks