d501098e14a99660be5833872a810cf6d7a6e09ee0af021b0fd6f530e769bbf8 | Triage

Submit
Reports

Overview

overview

Static

static

7

NAKED_CONE_GIRL.exe

windows7-x64

Resubmissions

15/06/2024, 14:31

240615-rvwgpatend 10

13/06/2024, 18:45

240613-xecbrssarj 7

Sharing

Copy URL Twitter E-mail

General

Target

NAKED_CONE_GIRL.exe
Size

923KB
Sample

240615-rvwgpatend
MD5

65179ca2f500c71ec9000c70d108e570
SHA1

1dc26ce476b9ae305d4a1364cbc673d49ee92455
SHA256

d501098e14a99660be5833872a810cf6d7a6e09ee0af021b0fd6f530e769bbf8
SHA512

ebc75d2f8fb60f06f3819ed6f4f7d06a5808b22967217a09ae32e3a032283f8602bde8d85c7ab075dcc22363c03192500f453b50f48e7c8d9f9bd65df428f642
SSDEEP

24576:sk4EGF2oYSA+SCUMFpuKPzWqtGw3/Qtft:s1sV+5U6jPzdGYQZt

Score

10^/10

bootkit defense_evasion evasion execution impact persistence ransomware trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NAKED_CONE_GIRL.exe

Resource

win7-20240220-en

bootkit defense_evasion evasion execution impact persistence ransomware trojan upx

windows7-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  NAKED_CONE_GIRL.exe
- Size
  
  923KB
- MD5
  
  65179ca2f500c71ec9000c70d108e570
- SHA1
  
  1dc26ce476b9ae305d4a1364cbc673d49ee92455
- SHA256
  
  d501098e14a99660be5833872a810cf6d7a6e09ee0af021b0fd6f530e769bbf8
- SHA512
  
  ebc75d2f8fb60f06f3819ed6f4f7d06a5808b22967217a09ae32e3a032283f8602bde8d85c7ab075dcc22363c03192500f453b50f48e7c8d9f9bd65df428f642
- SSDEEP
  
  24576:sk4EGF2oYSA+SCUMFpuKPzWqtGw3/Qtft:s1sV+5U6jPzdGYQZt
Score

10^/10

bootkit defense_evasion evasion execution impact persistence ransomware trojan upx
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

System Services

Service Execution

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Indicator Removal

File Deletion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Service Stop

Tasks

static1

behavioral1

bootkitdefense_evasionevasionexecutionimpactpersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy