Overview

overview

9

Static

static

3

host.exe

windows7-x64

9

host.exe

windows10-2004-x64

9

update.exe

windows7-x64

9

update.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ransom.zip

  • Size

    17KB

  • Sample

    240818-n76lmswcll

  • MD5

    69f563a2916f41d64b3340443132e1d7

  • SHA1

    ec23f638761f749611d83d27adaa17b25217b282

  • SHA256

    0c35ab1832945198c2e913891461a84f4872b5be60a64fd91084eead9e4e23e6

  • SHA512

    0955f35b596e60e07bfef65abb55449ece63a1d27b96ce713e4437e35e96521323caa7501f3ce068b32d83276d905cb2e316da5e56f1988b2175ab1ba1acaa8d

  • SSDEEP

    384:JdIWUBBZUAv0AgJwl+EILb/3UgxgCLZXkMevPdBRLSWEs:JSvD6dEkb86gCXKPjR+WT

Score
9/10
discoveryransomware

Malware Config

Targets

    • Target

      host.exe

    • Size

      16KB

    • MD5

      407318721d5587b5db6ce7873890db96

    • SHA1

      87e69c62e196961f51b3a973a6b7e810dcb922c9

    • SHA256

      c641e79ae3fa662a639f4fa3a0cb8723030c114bfb2d7ffad488de73afd574ce

    • SHA512

      2dfa2e3c1ad5ba3e4dd81bfd646995fdcdc20c1080974a26cd01254506ba32d394693144758cf71bdc5726b71aa7721551ecea4f0bd8ca2ccffc17a837ff6f74

    • SSDEEP

      384:y0sAA+LPsuTnVshZ9hA+b3Qj5MRjV1V/QBOIjLb1:yaV/+b3N31V/yb

    Score
    9/10
    discoveryransomware

    • Renames multiple (878) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      update.exe

    • Size

      16KB

    • MD5

      af87d850a15f1fbde5e824116e1f174b

    • SHA1

      9d704094e5f7386104dc5b7b155768fbac9fc0f9

    • SHA256

      11863fecf89dd0fd635456d680fa4a268d9f63dc5a76093fbb79c6686d5ae17b

    • SHA512

      b0962ca6b3f96defd0b34c723bf13ec35cbda1ed5551ac41ee0ef04fffb799284ad7e4324c856443f14511b7ee83dc2bdc5588c6d6a87050ac4344c4d08c13b3

    • SSDEEP

      384:K0sAA+LPsuTnVshZ9hA+b3Qj5MRjVpV/QBOIjLbd:KaV/+b3N3pV/yb

    Score
    9/10
    discoveryransomware

    • Renames multiple (1615) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks