Overview

overview

10

Static

static

3

おばけ.exe

windows10-2004-x64

おばけ.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    おばけ.exe

  • Size

    4.4MB

  • Sample

    240906-sp11natfpb

  • MD5

    5a714f6f7296fd34436b5b524d34d7e5

  • SHA1

    cff1ef4661191d86d7ff52bdaca196c0f8c27f7d

  • SHA256

    d819e4837bee95362e33e65cf4723c28cf7d51c69ff506c4a1b873473ada9023

  • SHA512

    46307df12ab08e7c244e7760d895155257d6f065e2f62afc1afd7b4bd4a666bbdb1f5a82152c540fcf902315513e14859c576b382c760d6fb2babe40dd6284ce

  • SSDEEP

    49152:NOw3th9Yp3O7mXa7bpltN/kwbeHWth9Yp3O7mXa7bpltN:N1pYp3Gmq7AHGYp3Gmq7

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      おばけ.exe

    • Size

      4.4MB

    • MD5

      5a714f6f7296fd34436b5b524d34d7e5

    • SHA1

      cff1ef4661191d86d7ff52bdaca196c0f8c27f7d

    • SHA256

      d819e4837bee95362e33e65cf4723c28cf7d51c69ff506c4a1b873473ada9023

    • SHA512

      46307df12ab08e7c244e7760d895155257d6f065e2f62afc1afd7b4bd4a666bbdb1f5a82152c540fcf902315513e14859c576b382c760d6fb2babe40dd6284ce

    • SSDEEP

      49152:NOw3th9Yp3O7mXa7bpltN/kwbeHWth9Yp3O7mXa7bpltN:N1pYp3Gmq7AHGYp3Gmq7

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan

    • Modifies WinLogon

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks