Extracted

Extracted

• • Target

    malware.zip

  • Size

    19.0MB

  • MD5

    dbe043570af9fefa680af63700077184

  • SHA1

    115e824543c9281399d9670a583ff4b1dde422ef

  • SHA256

    ec0f02edde4086d5f3dad2cd8fe33bbea9d68245f0d75affe2135ae0270a4543

  • SHA512

    1a6b44da4b0cd14c7d482d3e4e717b3ea4a908841ec318bb2a56e8afcf659f2bd5ffba187974de62de07c590a8e55a813493577ce87e826efa52ac9a80a9bc6a

  • SSDEEP

    393216:Fdlmao1Hn7SIRferH0dUmWCb9R8Vi0od6mwLb7Be4H1Cu1m72WEyU6h1+DzXUwCk:XS7SafbUmWCbjQmwLb7Be4H1J1m72WER

  Score

  1^/10
  behavioral1

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/7za.exe

  • Size

    772KB

  • MD5

    b93eb0a48c91a53bda6a1a074a4b431e

  • SHA1

    ac693a14c697b1a8ee80318e260e817b8ee2aa86

  • SHA256

    ab15a9b27ee2d69a8bc8c8d1f5f40f28cd568f5cbb28d36ed938110203f8d142

  • SHA512

    732cb0dcb2b1dac1a7462554c256cec27de243734f79b7f87026e9f5fbae6d5d8a5f14a702d2af0b65897b6abad70a9eff1905dc851ce267d221ddcdd9e640c5

  • SSDEEP

    24576:DFhjj7f4K+ao308d0ORMz27R0iIdclDJiD:JlwpP90OFWxD

  Score

  3^/10

  discovery
  behavioral2

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/DC.exe

  • Size

    802KB

  • MD5

    ac34ba84a5054cd701efad5dd14645c9

  • SHA1

    dc74a9fd5560b7c7a0fc9d183de9d676e92b9e8b

  • SHA256

    c576f7f55c4c0304b290b15e70a638b037df15c69577cd6263329c73416e490e

  • SHA512

    df491306a3c8ddb580b7cca1dce9e22a87fd43ca3632f3630cdcbe114bef243e847b2ce774d688f6e142516f2e0fc49d30fad7c7168e627523da21e2fe06836a

  • SSDEEP

    12288:NaWzgMg7v3qnCiPErQohh0F4uCJ8lnyIQJ9QudhzYOekDXiGt8PSmQ:MaHMv6CrrjSnyIQ8+ekGA8PSmQ

  Score

  3^/10

  discovery
  behavioral3

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/[email protected]

  • Size

    2.4MB

  • MD5

    0bf7c0d8e3e02a6b879efab5deab013c

  • SHA1

    4f93d2cda84e669eeddcfeb2e2fa2319901059a1

  • SHA256

    b600e06f14e29b03f0b1456723a430b5024816518d704a831dde2dc9597ce9c9

  • SHA512

    313f9a8ae5a0096488996f51ce0d2049f7040b5cba1f6efd6e7190517accffad9af4d72eb551755978e624f4089b9e5983eae792496b2e8e6da5a6cd7939ae5f

  • SSDEEP

    49152:Va/RPnb1b+uL5KTu8l6VP/DOdmGtPY4ldPLuGHnKESY:Va/RTd56M9/DmmGmMiG

  Score

  10^/10

  mimicdiscoveryevasionexecutionpersistenceransomwaretrojan

  • Detects Mimic ransomware

  • Mimic

    Ransomware family was first exploited in the wild in 2022.

    ransomwaremimic

  • UAC bypass

    evasiontrojan

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes System State backups

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  behavioral4

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything.db

  • Size

    28.7MB

  • MD5

    5be65f749d8536954c242d0f541a21a6

  • SHA1

    ff2a66004ec61337c1dc2be777c8ea1ed75a8308

  • SHA256

    cf98330caf3aca7e70676b034507647c377bc487d8a666945b089d698de63b62

  • SHA512

    d8076764c0888e63d823185fdba4392d2bcea14a2f94c367d7fdd863afff518e49ce2d6b4f815450bd5e394db791911ba489bf82be6e884d159cd4af3a2c3081

  • SSDEEP

    196608:bIjBQFa5XQB4fsvXL++QiZhJL52KM7t+WWZBpTuk8B:bI1QFai4fsvXL++5Lr2KO5WZBsLB

  Score

  3^/10
  behavioral5

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything.exe

  • Size

    1.7MB

  • MD5

    c44487ce1827ce26ac4699432d15b42a

  • SHA1

    8434080fad778057a50607364fee8b481f0feef8

  • SHA256

    4c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405

  • SHA512

    a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808

  • SSDEEP

    49152:sVzyP4BTkT3EApTLi2CCzMn3jzjAhFEy+eaXr:sVzyABTwEH

  Score

  6^/10

  discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral6

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything.ini

  • Size

    20KB

  • MD5

    b08dea2c475176c96e29eacc73667b24

  • SHA1

    65ebd451669ae873b96df95d46ecec7de216293e

  • SHA256

    2a2a0fe8ba8f77a156d5bd3a5e9bf3628437afb19680964fe12a63b63959ab2f

  • SHA512

    47f4b74022c457bf2eec57284f24cd339496de389ba344f2ad5b067e0baf16c361bff6caf573721b022e544763a6d6b559213efa621d7a8b1fa334fc371a2fcd

  • SSDEEP

    192:RjCxnELo+ny9QOL4jwnTef2JFTAiwTMisXZiPgCsjvBM8nLVwcQTy4++Ztul4Axa:Rug6TeEFTA+isXlM8noZ4z8lJCK

  Score

  3^/10
  behavioral7

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything2.ini

  • Size

    550B

  • MD5

    51014c0c06acdd80f9ae4469e7d30a9e

  • SHA1

    204e6a57c44242fad874377851b13099dfe60176

  • SHA256

    89ad2164717bd5f5f93fbb4cebf0efeb473097408fddfc7fc7b924d790514dc5

  • SHA512

    79b5e2727cce5cd9f6d2e886f93b22b72ec0ad4a6b9ad47205d7cf283606280665ead729ab3921d7e84409cfc09a94e749a68918130f0172856626f5f7af010c

  Score

  3^/10
  behavioral8

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything32.dll

  • Size

    84KB

  • MD5

    3b03324537327811bbbaff4aafa4d75b

  • SHA1

    1218bd8165a2e0ec56a88b5a8bb4b27e52b564e7

  • SHA256

    8cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880

  • SHA512

    ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62

  • SSDEEP

    768:r7q2ysU1Jr1SHx6p73TpzkqVVWwupGKcrrbRkzOnORqhJtfwxnZRqFlP+YiXoyIZ:r7q2EJx+OVkqTIZerpnA2tfet7XJIZ

  Score

  3^/10

  discovery
  behavioral9

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything64.dll

  • Size

    2.5MB

  • MD5

    e7cecb49da4cefd6f0b306ff09afdcb4

  • SHA1

    5ea8f3e6a1243f12290b473ca1948fb3bec7be0f

  • SHA256

    b4c78dcf7c9bfe60c2c61cab64243fe72a94a2ba002d0c742fadd56b1a92bfdd

  • SHA512

    29589431b6e6e479c8a8cb0ad7e98905f5891e8c3b12d73a6a985e2cac40385d1c88529b14bcd8e614d01bfc6bc8068447274c4b485d35900677f583f49a3347

  • SSDEEP

    49152:bgOzr7tOI3VP2vCdkwwAGAizTJQ/GN1NYrU96+pTS6hlA6FxPGhOMHjSXC8fY:pHZOEdktPQ/GK6Ds6HbMHWfY

  Score

  3^/10
  behavioral10

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Jami.exe

  • Size

    2.4MB

  • MD5

    7f861580d2292e2f2c438f875725fd2f

  • SHA1

    20dd7b7d4cddf91aabcfe79d97dbaaaf277b7654

  • SHA256

    bd6775e772ad56d7dc4f1c7cec73fff98e6b03a2a9d109abe69a7c125a2c7828

  • SHA512

    a3ea904f97256840fc5a8636e9a2fb73d119de4e8979224b79e888c5bd3c4fc9eb748f264e13c9acd86e1de312d5f371b39197dd0f0d1e256c1c94566876f78d

  • SSDEEP

    49152:4a/RPnb1b+uL5KTu8l6VP/DOdmGtPY4ldpup0H4p5352nKESY:4a/RTd56M9/DmmGmM6RH35

  Score

  10^/10

  mimicdiscoveryevasionexecutionpersistenceransomwaretrojan

  • Detects Mimic ransomware

  • Mimic

    Ransomware family was first exploited in the wild in 2022.

    ransomwaremimic

  • UAC bypass

    evasiontrojan

  • Clears Windows event logs

    evasionransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes System State backups

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  behavioral11

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/global_options.ini

  • Size

    12KB

  • MD5

    84f6a8f7607a096ba9c0cb704ae6ac8f

  • SHA1

    48d951cc741484e87fdb6d08924385f8e1ae340d

  • SHA256

    d7724e06402a2b1fc49f95178c1f8f9006f9c6a0636a7be4e29cd5474339013d

  • SHA512

    60ae5fc39691dedebeb0f4e31630be778fb893f1c868996fa9d3b7ba4dd15be389e9a41a395f979357ac2d72eff80caa2fada5614428c569c68ef14d415d4b3a

  • SSDEEP

    192:G/GbtBCB7k3LfcMIH9GZgy6kMIyMwZfCspqSf3Q71bNEKAAiOU+35UI+:GeCtkpgy673fTt6UN

  Score

  3^/10
  behavioral12

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/gui35.exe

  • Size

    276KB

  • MD5

    03a63c096b9757439264b57e4fdf49d1

  • SHA1

    a5007873ce19a398274aec9f61e1f90e9b45cc81

  • SHA256

    22ea129b0f57184f30b1771c62a3233ba92e581c1f111b4e8abfa318dc92cc46

  • SHA512

    0d656d807572f6be4574024e2bbcf0cbd291fe13a1adeb86a333177ee38db16b06da9a18509e599db0d2cf8206b84f6856a9674dba29a2cbeb844a216cb45ddd

  • SSDEEP

    6144:9TSe4rz5Fp8kXadSZApaMi7KsXzyJYHLomyN8AfEN0VremOEuaJuoFan:hQv5PXJmpeX1omyNbESVremOEuaJuoFE

  Score

  10^/10

  ransomware
  behavioral13

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/gui40.exe

  • Size

    276KB

  • MD5

    57850a4490a6afd1ef682eb93ea45e65

  • SHA1

    338d147711c56e8a1e75e64a075e5e2984aa0c05

  • SHA256

    31feff32d23728b39ed813c1e7dc5fe6a87dcd4d10aa995446a8c5eb5da58615

  • SHA512

    15cf499077e0c8f3421b95e09a18ae5468ae20a7b3a263f01cc8e6d445d54f09ca8a3189ecb40c87d0e6277c99b504424cdd0e35bbe493a1b0849900d21bccf8

  • SSDEEP

    6144:jsLvCWCgYND5cSMMQQqssbIuCsdJTX71vLuTj4lX+paBRinp:oLvCWrYNySMMQQqBC851STj4lX+paBRC

  Score

  10^/10

  ransomware
  behavioral14

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/session.tmp

  • Size

    32B

  • MD5

    f3fecae31ffe8e63f962c2779e24f1f5

  • SHA1

    c1f3d5cba932ef8d8664e22da102e190ce64c60e

  • SHA256

    579c870a0f12af418e36b48b5f43bc5e38522d6aeca628b031dbc65ce82114be

  • SHA512

    9b1c9c4e685bdc5ee46c0ca297e398a6008766d3b3011de7bddca67c3fba3596b6121b5189093d0d22badd0031a22408ec520cd95aa28a33ca087815caeb0271

  Score

  3^/10
  behavioral15

• • Target

    Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/xdel.exe

  • Size

    350KB

  • MD5

    803df907d936e08fbbd06020c411be93

  • SHA1

    4aa4b498ae037a2b0479659374a5c3af5f6b8d97

  • SHA256

    e8eaa39e2adfd49ab69d7bb8504ccb82a902c8b48fbc256472f36f41775e594c

  • SHA512

    5b9c44b4ed68b632360c66b35442722d2797807c88555c9fde9c176581d410e4f6ed433fabdcd9ee614db458158e6055a9f7f526ebfbc8e7f5f3d388f5de4532

  • SSDEEP

    6144:OBgL/kqXQangs2iKn5yvfj7wZxPzzLHrNJT7V:QgL5ga0iKn5GfPwZRT5

  Score

  3^/10

  discovery
  behavioral16