General

  • Target

    WinLocker.exe.exe

  • Size

    1.7MB

  • Sample

    240615-z6rlwayelm

  • MD5

    1a013642c60039f6216d7f3906cacd00

  • SHA1

    f43ed075850c4fb8e11e9c22ba05f3a8fe30cd7f

  • SHA256

    4b168048b2b5ab19a73de1c6a3a970db65a3867f255f594be5373bfd7d1a5d93

  • SHA512

    d9d2a3d46fec945400f7eec1f8f08632868829afaf417b3ad3e78e1ebb1e2601d9d68f96b75110fc0c788546da34d9e3bcb845d351796db99b96a8f51fb461ca

  • SSDEEP

    49152:1gWzFQAwEI2iMaPhsnplri54blFp8SM6JYPTqs72cz2:mWOAfIiae2mblFpdjYPD72P

Malware Config

Targets

    • Target

      WinLocker.exe.exe

    • Size

      1.7MB

    • MD5

      1a013642c60039f6216d7f3906cacd00

    • SHA1

      f43ed075850c4fb8e11e9c22ba05f3a8fe30cd7f

    • SHA256

      4b168048b2b5ab19a73de1c6a3a970db65a3867f255f594be5373bfd7d1a5d93

    • SHA512

      d9d2a3d46fec945400f7eec1f8f08632868829afaf417b3ad3e78e1ebb1e2601d9d68f96b75110fc0c788546da34d9e3bcb845d351796db99b96a8f51fb461ca

    • SSDEEP

      49152:1gWzFQAwEI2iMaPhsnplri54blFp8SM6JYPTqs72cz2:mWOAfIiae2mblFpdjYPD72P

    Score
    8/10
    • Identifies hardware specifics through system_profiler

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Gatekeeper Bypass

      Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.

MITRE ATT&CK Enterprise v15

Tasks