General
Target: octo hates niggers.wav
Size: 1.1MB
Sample: 240904-blfrwatbra
MD5: e06c2af9bd3623d93dad4c19fa90b88a
SHA1: aae457d958f50416e1a1e6f2195e1c162e47abcf
SHA256: 7a3b253a53b43df9024c580b8797df22ac022cebddb9305ff77f2c0884dd6ddf
SHA512: b5d73101ff3adabbe563dbf8c007f1279fc151c564d8563e5cb6a3a36eb354a177978225576d7bc1ebd428e8d80f9a73880ca221058babcb409a669da32ff30f
SSDEEP: 1536:53PiVM28r4hL0/yJPGw9mtJdNRvDuKjmK0yjWJOcaY:5aVM8hLgucNRruKCpiMODY
Static task: static1
Behavioral task: behavioral1
  Sample: octo hates niggers.wav
  Resource: win10v2004-20240802-en
Behavioral task: behavioral2
  Sample: octo hates niggers.wav
  Resource: win10-20240404-en
Malware Config
Targets
Target: octo hates niggers.wav
Size: 1.1MB
MD5: e06c2af9bd3623d93dad4c19fa90b88a
SHA1: aae457d958f50416e1a1e6f2195e1c162e47abcf
SHA256: 7a3b253a53b43df9024c580b8797df22ac022cebddb9305ff77f2c0884dd6ddf
SHA512: b5d73101ff3adabbe563dbf8c007f1279fc151c564d8563e5cb6a3a36eb354a177978225576d7bc1ebd428e8d80f9a73880ca221058babcb409a669da32ff30f
SSDEEP: 1536:53PiVM28r4hL0/yJPGw9mtJdNRvDuKjmK0yjWJOcaY:5aVM8hLgucNRruKCpiMODY
Signatures
- BadRabbit: Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- Jigsaw Ransomware: Ransomware family first created in 2016. Named after the wallpaper it set after infection in its early versions.
- Modifies WinLogon for persistence
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Renames multiple (3758) files with added filename extension: This suggests ransomware activity, encrypting all files on the system.
- mimikatz is an open source tool to dump credentials on Windows
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables use of System Restore points
- Event Triggered Execution: Image File Execution Options Injection
- Modifies Windows Firewall
- Deletes itself
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Execution
  Scheduled Task/Job (1)
    Scheduled Task (1)
  Windows Management Instrumentation (1)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (2)
    Image File Execution Options Injection (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (2)
    Image File Execution Options Injection (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Direct Volume Access (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (2)
    Safe Mode Boot (1)
  Indicator Removal (2)
    File Deletion (2)
  Modify Registry (5)