General
Target: NotPetya.bin.zip
Size: 327KB
Sample: 240811-zsg6aaxgln
MD5: f2e67b2e0804c99a10ea7a85df68b7eb
SHA1: ade99185990249efb8feb95cca24ddc309da1b22
SHA256: 8f285ac5a2edebfa09853a63b1a61382faa0c5a694f1d5b304cc8da93cbb6368
SHA512: 92d3b7fa023d95f90cc785174ea74caabb1d52c81adbba2a23e60b5b2f06cb5b0f0b5a22fa99f855043a71012e4dec43f7b4eee487ab449f36c64d9faec8b440
SSDEEP: 6144:6tzGLIeioqh6L/cvfuXlPh4iqs6+zZMiCXeaPAsQM6fzVIwvKDaVOLjcUxwe7i:QGsUqhc/Ywh49s6+zZ0ZPA9vGsOlwe7i
Static task: static1
Behavioral task: behavioral1
Sample: NotPetya.exe
Resource: win7-20240705-en
Malware Config
Targets
Target: NotPetya.bin
Size: 390KB
MD5: 5b7e6e352bacc93f7b80bc968b6ea493
SHA1: e686139d5ed8528117ba6ca68fe415e4fb02f2be
SHA256: 63545fa195488ff51955f09833332b9660d18f8afb16bdf579134661962e548a
SHA512: 9d24af0cb00fb8a5e61e9d19cd603b5541a22ae6229c2acf498447e0e7d4145fee25c8ab9d5d5f18f554e6cbf8ca56b7ca3144e726d7dfd64076a42a25b3dfb6
SSDEEP: 12288:ef/X4NTS/x9jNG+w+9OqFoK323qdQYKU3:EXATS/x9jNg+95vdQa
mimikatz is an open source tool to dump credentials on Windows

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.