General

  • Target

    2024-08-05_6e877e91ebdc0fbbced46af7bdedb9b6_bkransomware

  • Size

    6.7MB

  • Sample

    240805-jrbzwazgrk

  • MD5

    6e877e91ebdc0fbbced46af7bdedb9b6

  • SHA1

    3878083686d6eba27e7d914235d8a817ec516f56

  • SHA256

    4661333bebfb27d6d26b199112c8f18198539198a30f53bf1aabc717f543684b

  • SHA512

    5524bd01e8dffad336ebee644b6285dc0f1476b65d3d8b368ac304d8fa056055b5988e1b83e64806009e658fd09c35bdcff3819046d091ba35e4dbfcaa34ecb7

  • SSDEEP

    196608:r5VyxQv+JRbIeBTsWrupdujxWVckrxrujUt3lHM3:1we+JREeCWrsu4rrsUt3l

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15