Overview

overview

10

Static

static

3

Unconfirme...06.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Unconfirmed 903706.crdownload

  • Size

    771KB

  • Sample

    240805-j7l5sa1cql

  • MD5

    2782877418b44509fd306fd9afe43e39

  • SHA1

    b0c18bdf782ca9c4fa41074f05458ce8e0f3961b

  • SHA256

    56d612e014504c96bb92429c31eb93f40938015d422b35765912ac4e6bd3755b

  • SHA512

    8826881b3ab406ee4c1fabd4848161f8524aeaeb7c4397384d36840f947ef95c8560850b2409fbf761ff225cdc8ac6eb875b705476fe9574b23c7a5478505a86

  • SSDEEP

    24576:OeTrmlZGPL7NV9+VitFsQUxY8BGOdQSqZ:hT6KDrmIFsBJBG4XqZ

Score
10/10
discoveryevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Unconfirmed 903706.crdownload

    • Size

      771KB

    • MD5

      2782877418b44509fd306fd9afe43e39

    • SHA1

      b0c18bdf782ca9c4fa41074f05458ce8e0f3961b

    • SHA256

      56d612e014504c96bb92429c31eb93f40938015d422b35765912ac4e6bd3755b

    • SHA512

      8826881b3ab406ee4c1fabd4848161f8524aeaeb7c4397384d36840f947ef95c8560850b2409fbf761ff225cdc8ac6eb875b705476fe9574b23c7a5478505a86

    • SSDEEP

      24576:OeTrmlZGPL7NV9+VitFsQUxY8BGOdQSqZ:hT6KDrmIFsBJBG4XqZ

    Score
    10/10
    discoveryevasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks