Overview

overview

10

Static

static

1

Ransomware...ya.exe

windows7-x64

10

Ransomware...ya.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ransomware.NotPetya.zip

  • Size

    325KB

  • Sample

    240703-2vjg8szfpn

  • MD5

    45ef7e2639881aa74045948c1a88e238

  • SHA1

    ade4f8390bcecf63e2eb156458c3695f482ebc29

  • SHA256

    e590e18427d3445a31c26bfb2083a6393d8742cbb1005f079ba7c5401bdad1fa

  • SHA512

    05bb1bc0331fa56aeec4e182e8c684a0d67b20d8618cc26e20a93162e43a288e35dc7d98c615fc09a1b147b859082a2d57ffeb8c59e675d0f6e583348adce308

  • SSDEEP

    6144:PwHvv7UeA+7gEUHPonOT2KtdLcQCn1wCVhjq/Xab+rdDdRPqPO7QofWCH4CYBkfK:Y3lgEoQnYdAQCnZVZSqb2PQAyCYhBn

Score
10/10
mimikatzbootkitpersistencespywarestealer

Malware Config

Targets

    • Target

      Ransomware.NotPetya.exe

    • Size

      366KB

    • MD5

      e5cc289b0b2b74b8e02f5a7f07867705

    • SHA1

      81a884e16a81979c7fe56e61bcfdb94f8bb937ff

    • SHA256

      6497eb7e530ccecce0bc9d8a0771221d7e980b7be875b2b3969110eb8b8f2305

    • SHA512

      4cd22f953ce44d6d960dbe2bf651ae01fc865ec45742450a24a15c6f6b48b825b7979dbf287bf87f8290344f7bf5bf69d1c1f762f2e81a27d1fe0997712a5d2f

    • SSDEEP

      6144:vLh5iWs5gArF3LDd84ESQoCGhWg2ZQkyDfTbjfyLX1WYaaGM6Btk2:vN5iWs5gZ4E6CyWgcQBzvja4YaaUtk2

    Score
    10/10
    mimikatzbootkitpersistencespywarestealer

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks