General

  • Target

    ransom.exe

  • Size

    3.1MB

  • Sample

    240819-2dxcrsshnr

  • MD5

    6043b56833c3803e8f9f9a5ad5a3d590

  • SHA1

    7dcd417070875f6b04c3b53549b4dc84d100e84d

  • SHA256

    61acd5b1150cc1e118ac8cb7819f59be509744240c9e7e9f3858967e90a68e10

  • SHA512

    5618a92c40aabcfc14ce3ef602de3f14afd37b7699eb2888ceb2060cffc84374cac55c2462f67fcb4dbaa631a045286e59c10fb8b3806d745714287c9c263bb6

  • SSDEEP

    49152:8FaCt1EwG9ZvoYWjXUgYqRDTe3EbIyemalpn0o:v6j/75e3lpn

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks