Overview

overview

8

Static

static

3

7850216edc...3e.exe

windows7-x64

8

7850216edc...3e.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    7850216edcd60c113621c5bf237f2f220cd46bf3f1266016a0197e342f24373e

  • Size

    12.7MB

  • Sample

    240523-rrdgpseb6y

  • MD5

    aae56f19fc8319d8246b55167bbb7dfc

  • SHA1

    2f7defd3b091f0bbc773e13751f135713f282edf

  • SHA256

    7850216edcd60c113621c5bf237f2f220cd46bf3f1266016a0197e342f24373e

  • SHA512

    104cbab242eed12b215a3786cc5d7795faed3ed3792b5d296a634ff48ec28571590a4af68f7139bfc09c9c0dee2821434faaf70a97231b72f434f49195451dd4

  • SSDEEP

    196608:g07lhv4+zaZK4DT81o3LAKmP0R/7pS2E5RV9BYb3mnSdK/zvwpyFl1v6psjLm:z7zxzaZKt1o3IP0RsLRVk4fFl1v6pQ

Score
8/10
adwareevasionpersistenceransomwarestealerupx

Malware Config

Targets

    • Target

      7850216edcd60c113621c5bf237f2f220cd46bf3f1266016a0197e342f24373e

    • Size

      12.7MB

    • MD5

      aae56f19fc8319d8246b55167bbb7dfc

    • SHA1

      2f7defd3b091f0bbc773e13751f135713f282edf

    • SHA256

      7850216edcd60c113621c5bf237f2f220cd46bf3f1266016a0197e342f24373e

    • SHA512

      104cbab242eed12b215a3786cc5d7795faed3ed3792b5d296a634ff48ec28571590a4af68f7139bfc09c9c0dee2821434faaf70a97231b72f434f49195451dd4

    • SSDEEP

      196608:g07lhv4+zaZK4DT81o3LAKmP0R/7pS2E5RV9BYb3mnSdK/zvwpyFl1v6psjLm:z7zxzaZKt1o3IP0RsLRVk4fFl1v6pQ

    Score
    8/10
    adwareevasionpersistenceransomwarestealerupx

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Sets file execution options in registry

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks