Extracted

• • Target

    dashboard for all stealers (recomended for start)/paid dashboard.exe

  • Size

    2.5MB

  • MD5

    660e26001a8891e78135a09d3ec2623f

  • SHA1

    bd95c1955be08eaecefa7b3dd1cbdac7387b6d06

  • SHA256

    1811c7b5ddcc6637a782bf32db70b60bd0bf3ec2b3498716591f718cda25fd14

  • SHA512

    590df723aaa52806f664adec89bf6e8e570a9c88b4858131fb59f23e31ab3302189393bceb58fe1aa71475065aefab2d093d5f8ad6296693d4124e5a10a34e92

  • SSDEEP

    49152:cCEz1VWQraflEcY8GSFJ2CBUm5htDRvG0JuH0Xv6GVO8UKlo:cn14QilESfFim15rtxUuo

  Score

  10^/10

  discoveryevasionpersistenceransomwaretrojanupx

  • UAC bypass

    evasiontrojan

  • Disables Task Manager via registry modification

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1

• • Target

    open for more info/more info.exe

  • Size

    666KB

  • MD5

    989ae3d195203b323aa2b3adf04e9833

  • SHA1

    31a45521bc672abcf64e50284ca5d4e6b3687dc8

  • SHA256

    d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f

  • SHA512

    e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305

  • SSDEEP

    12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t

  Score

  10^/10

  discoveryevasionpersistenceransomwaretrojan

  • Modifies WinLogon for persistence

    persistence

  • UAC bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops desktop.ini file(s)

  • Modifies WinLogon

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral2

• • Target

    password grabber recommended/password stealer.EXE

  • Size

    3.4MB

  • MD5

    84c82835a5d21bbcf75a61706d8ab549

  • SHA1

    5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

  • SHA256

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

  • SHA512

    90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral3

• • Target

    stealer tool (most recomended)/stealer tool dashboard.exe

  • Size

    51.7MB

  • MD5

    e1dfc4f445c9d5eb075009970c116128

  • SHA1

    46b9604d6c5cd96204bf51a754520003455f1aa3

  • SHA256

    83ddf34331d00285918cff184a6a8ff26fc8d6682018bdee6cf54cb7824fe8d8

  • SHA512

    fec0cde77d6accba6976b3864302ba801f450df440bbc8b38386bc3fbf2cf3b12773d04c32480f67ede4396bafe3a34b0500d776d9d7d489c466eac80b2180de

  • SSDEEP

    1572864:AKsj6R2Q/mBlOYlGLTHY9G4FEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvI:C6WcLjY9G4FEujFMm+B997DaNHN1oS76

  Score

  3^/10

  discovery
  behavioral4

• • Target

    stealer tool + secret options/ADM Adrenaline Ultimate Edition.exe

  • Size

    15.0MB

  • MD5

    8f5a2b3154aba26acf5440fd3034326c

  • SHA1

    b4d508ee783dc1f1a2cf9147cc1e5729470e773b

  • SHA256

    fc7e799742a1c64361a8a9c3fecdf44f9db85f0bf57f4fb5712519d12ba4c5ac

  • SHA512

    01c052c71a2f97daf76c91765e3ee6ec46ca7cb67b162c2fc668ef5ee35399622496c95568dedffbaf72524f70f6afcfe90f567fbb653a93d800664b046cd5f2

  • SSDEEP

    393216:l2iLiU7VXd6AKprP7iJx4J20cQ3qpalJZfhxGWqIcckC:l2iNObp4x820AS7nj

  Score

  10^/10

  bootkitdiscoveryevasionexploitpersistenceransomwaretrojan

  • Modifies WinLogon for persistence

    persistence

  • UAC bypass

    evasiontrojan

  • Disables Task Manager via registry modification

    evasion

  • Possible privilege escalation attempt

    exploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral5