General
-
Target
ByteVaultX 2.0.exe
-
Size
9.9MB
-
Sample
240526-n31jtsab6z
-
MD5
26001ddd86377ac2ec3fcedb8d6f36b9
-
SHA1
cf4d832df5227ede476c0794cf871a4bcecb4d36
-
SHA256
a37c17c44274545f31048dddb5a98c21c10c31deda6543330e4da26bf485fc7c
-
SHA512
a09fe56683b4a42ce02b0e1e28557223bf0e925212e9f6541a805b914e08ab06843821d8e991fa0d3709e4e41b55db4c7b95496a29958665d10ab177b5a62277
-
SSDEEP
196608:9h5kRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:aGFG8S1+TtIi+Y9Z8D8CclydoPx
Behavioral task
behavioral1
Sample
ByteVaultX 2.0.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/1181543227728330774/1244074466372489216/212723.jpg?ex=6653ca22&is=665278a2&hm=488e396c7831aaf740c20bf7536b9cc45421a2218ebf98197ebc307863606195&
Extracted
C:\Encrypt\encrypt.html
Targets
-
-
Target
ByteVaultX 2.0.exe
-
Size
9.9MB
-
MD5
26001ddd86377ac2ec3fcedb8d6f36b9
-
SHA1
cf4d832df5227ede476c0794cf871a4bcecb4d36
-
SHA256
a37c17c44274545f31048dddb5a98c21c10c31deda6543330e4da26bf485fc7c
-
SHA512
a09fe56683b4a42ce02b0e1e28557223bf0e925212e9f6541a805b914e08ab06843821d8e991fa0d3709e4e41b55db4c7b95496a29958665d10ab177b5a62277
-
SSDEEP
196608:9h5kRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:aGFG8S1+TtIi+Y9Z8D8CclydoPx
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Renames multiple (166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Disables Task Manager via registry modification
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Modifies Installed Components in the registry
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
5Registry Run Keys / Startup Folder
5Browser Extensions
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
5Registry Run Keys / Startup Folder
5Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Change Default File Association
1