infinitylock | 0bbb82eec116663be02d2690fcdcfb9b92d199f28e1e8ff8445e2118e37d58c1 | Triage

Submit
Reports

Overview

overview

Static

static

1

ShareX.desktop

windows10-1703-x64

Sharing

General

Target

ShareX.desktop
Size

265B
Sample

240804-m25xgsxhma
MD5

25fa2120686fe25029973efe0a65109e
SHA1

29003978059e50be4556cf5c0c3c22f77cdffb3a
SHA256

0bbb82eec116663be02d2690fcdcfb9b92d199f28e1e8ff8445e2118e37d58c1
SHA512

7d54195c50c32645d1c8cf48b6a5e6af8865c37701db03d997289806ae8dde89dd8ce819ede8ef224f4c08e83a7adae1aac98e9e8024f67b1a94bf958a1dc0af

Score

10^/10

infinitylock credential_access discovery execution ransomware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ShareX.desktop

Resource

win10-20240404-en

infinitylock credential_access discovery execution ransomware stealer

windows10-1703-x64

29 signatures

1800 seconds

Malware Config

Targets

- Target
  
  ShareX.desktop
- Size
  
  265B
- MD5
  
  25fa2120686fe25029973efe0a65109e
- SHA1
  
  29003978059e50be4556cf5c0c3c22f77cdffb3a
- SHA256
  
  0bbb82eec116663be02d2690fcdcfb9b92d199f28e1e8ff8445e2118e37d58c1
- SHA512
  
  7d54195c50c32645d1c8cf48b6a5e6af8865c37701db03d997289806ae8dde89dd8ce819ede8ef224f4c08e83a7adae1aac98e9e8024f67b1a94bf958a1dc0af
Score

10^/10

infinitylock credential_access discovery execution ransomware stealer
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Detect jar appended to MSI
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

infinitylockcredential_accessdiscoveryexecutionransomwarestealer

© 2018-2024

Terms | Privacy