55bab36c2785490a3575f7c20d7971db267981fcb8e191eae945d120699e68d8 | Triage

Resubmissions

11/08/2024, 23:34

240811-3kelzayfkg 3

11/08/2024, 23:33

240811-3jy9zsvanj 1

11/08/2024, 23:29

240811-3gq6lathmk 10

Sharing

Copy URL Twitter E-mail

General

Target

Oculus.lnk
Size

2KB
Sample

240811-3gq6lathmk
MD5

0c7f9b6d8605370f4f45ccbe3a10a769
SHA1

326feef86bae0af57442619997c7f1485a64c8ba
SHA256

55bab36c2785490a3575f7c20d7971db267981fcb8e191eae945d120699e68d8
SHA512

1a415fb0b945a5b51c15dd6ec09070823e1c847f20574759eb29a710180138d1a8bb4513b875d3a31172ee33eda3b1481376774acb5562ab916f976ed613fec6

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Oculus.lnk
- Size
  
  2KB
- MD5
  
  0c7f9b6d8605370f4f45ccbe3a10a769
- SHA1
  
  326feef86bae0af57442619997c7f1485a64c8ba
- SHA256
  
  55bab36c2785490a3575f7c20d7971db267981fcb8e191eae945d120699e68d8
- SHA512
  
  1a415fb0b945a5b51c15dd6ec09070823e1c847f20574759eb29a710180138d1a8bb4513b875d3a31172ee33eda3b1481376774acb5562ab916f976ed613fec6
Score

10^/10

discovery evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionpersistenceransomwaretrojan