Overview

overview

10

Static

static

1

rocket-lea...rk.png

windows11-21h2-x64

Resubmissions

15-08-2024 00:06

240815-ad6gwsydjm 3

13-08-2024 12:24

240813-pk89patamc 10

13-08-2024 12:19

240813-phnj7ssgrg 10

13-08-2024 12:11

240813-pc2vmsseqh 8

13-08-2024 12:03

240813-n73jzsxblp 7

13-08-2024 12:02

240813-n7qkessckh 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rocket-league-spotify-artwork.png

  • Size

    833KB

  • Sample

    240813-pk89patamc

  • MD5

    28952f1e3e40281a2fab2de9f228bc8a

  • SHA1

    b4db183ea6ad6b6cc31c8cae5c6feba5352a1242

  • SHA256

    40da1cd16fd7dff442fbf3241b58b5857012b0f3c28d84c59b7ff5b97f0ee735

  • SHA512

    26a4d65a82d7594dd7cc65ecf372cd4abeb2367b7dc4589eb5e1ca55b868fae15995f0f3921580348d46e1bf2a6d803ceaad48792dde38c90ae593de8088d0b6

  • SSDEEP

    12288:BXhYChvXgQEOUmrify0TXJq8UXyTIU8sGEcqu6vO3QSWh8Xsq0BD4jJyJoc2HaP6:jHFgQEjQsq3yckGDP3Qvq0BD4jJyJoB

Score
10/10
infinitylockdefense_evasiondiscoveryevasionexecutionimpactpersistenceprivilege_escalationransomwaretrojan

Malware Config

Targets

    • Target

      rocket-league-spotify-artwork.png

    • Size

      833KB

    • MD5

      28952f1e3e40281a2fab2de9f228bc8a

    • SHA1

      b4db183ea6ad6b6cc31c8cae5c6feba5352a1242

    • SHA256

      40da1cd16fd7dff442fbf3241b58b5857012b0f3c28d84c59b7ff5b97f0ee735

    • SHA512

      26a4d65a82d7594dd7cc65ecf372cd4abeb2367b7dc4589eb5e1ca55b868fae15995f0f3921580348d46e1bf2a6d803ceaad48792dde38c90ae593de8088d0b6

    • SSDEEP

      12288:BXhYChvXgQEOUmrify0TXJq8UXyTIU8sGEcqu6vO3QSWh8Xsq0BD4jJyJoc2HaP6:jHFgQEjQsq3yckGDP3Qvq0BD4jJyJoB

    Score
    10/10
    infinitylockdefense_evasiondiscoveryevasionexecutionimpactpersistenceprivilege_escalationransomwaretrojan

    • InfinityLock Ransomware

      Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

      ransomwareinfinitylock

    • Modifies WinLogon for persistence

      persistence

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      defense_evasion

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Probable phishing domain

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

1
T1566

Execution

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

2
T1546

Image File Execution Options Injection

1
T1546.012

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

2
T1546

Image File Execution Options Injection

1
T1546.012

Netsh Helper DLL

1
T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Direct Volume Access

1
T1006

Impair Defenses

4
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

2
T1562.001

Safe Mode Boot

1
T1562.009

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

5
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Inhibit System Recovery

3
T1490

Tasks