General

  • Target

    Phishing.exe

  • Size

    600KB

  • Sample

    240613-kzax8awckn

  • MD5

    2437e352ff0a8776a4db6a9ad491e3aa

  • SHA1

    a78d5b3bed12f8347870b68017af6143b618fcbe

  • SHA256

    7855ddefcaaa6271873f7c667152310ce54b2a998b086e9d6c00e0baf2c7e74f

  • SHA512

    c3ec585dded4052eb9d10a8d55b05c6f34ba10c384b172bc2b64402726ef1d4d1a22e65f50b25f579eb150a3f24d3e5b35ed74bdd131e4dc3cf084a18c5b0ec8

  • SSDEEP

    6144:wOYGXaPNxdgSdcq2pVZPOJHAbKhKXgTTSjpdqAzn2n3ignO:kGqN/XdctpVtkRLTodqAzs3igO

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Registers COM server for autorun

MITRE ATT&CK Enterprise v15

Tasks