Overview

overview

8

Static

static

1

lolhahahac...oo.zip

windows7-x64

1

lolhahahac...oo.zip

windows10-2004-x64

1

lolhahahac...lo.bat

windows7-x64

8

lolhahahac...lo.bat

windows10-2004-x64

8

Resubmissions

10/08/2024, 13:20

240810-qlcsjs1ckp 8

10/08/2024, 10:03

240810-l3p2zsvdjj 8

Sharing

Copy URL Twitter E-mail

General

  • Target

    lolhahahackerwowohnoo.zip

  • Size

    356KB

  • Sample

    240810-l3p2zsvdjj

  • MD5

    99b1634b16aa0114a2a4034f89374ab2

  • SHA1

    ba0fa3a7c86d5beb626fd4ff9bdb3ef19aa07f36

  • SHA256

    0dd46341ec484a9634677c19ce94f04287f2f288c7bf4b751e0ca28a569986a2

  • SHA512

    19e1a0079fbf4beb68c856bf8728b094b8cd193e97b115af9f51f6b08481d8f32c1b2029649713685bb608dc1d2bb3d13cb398fb6607cf5a4cfa02b7877a752b

  • SSDEEP

    6144:e7gIXyojWkYhSlOipmMdb+BKqV8tj8axlWPpXD37mP9uL1+aUBejerUGOI2ta:+nvfqK8aDANy/h

Score
8/10
microsoftdiscoveryexecutionphishingransomware

Malware Config

Targets

    • Target

      lolhahahackerwowohnoo.zip

    • Size

      356KB

    • MD5

      99b1634b16aa0114a2a4034f89374ab2

    • SHA1

      ba0fa3a7c86d5beb626fd4ff9bdb3ef19aa07f36

    • SHA256

      0dd46341ec484a9634677c19ce94f04287f2f288c7bf4b751e0ca28a569986a2

    • SHA512

      19e1a0079fbf4beb68c856bf8728b094b8cd193e97b115af9f51f6b08481d8f32c1b2029649713685bb608dc1d2bb3d13cb398fb6607cf5a4cfa02b7877a752b

    • SSDEEP

      6144:e7gIXyojWkYhSlOipmMdb+BKqV8tj8axlWPpXD37mP9uL1+aUBejerUGOI2ta:+nvfqK8aDANy/h

    Score
    1/10
    behavioral1behavioral2

    • Target

      lolhahahackerwowohnoo/hello.bat

    • Size

      2KB

    • MD5

      d51621e27667aad9fa339cc33b26cc52

    • SHA1

      6cbc2853cabf7f8b7fcd23c8f3ae10b3022b743a

    • SHA256

      f01291a8fcde83ba8e8cf48b30491bd0cb49d4ff8f3a3a029094032a13d71305

    • SHA512

      7a22494286a251945e7b1a735398be09105cd361aed033b0350bdecfd75e63d578513e20bf02a599b0ec616ece40254ed44c83ef4f7e18ab2b9de41c82a0bb82

    Score
    8/10
    executionransomwaremicrosoftdiscoveryphishing

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks