General
Target: keylogger.exe
Size: 1.9MB
Sample: 240911-m6v8vawfrq
MD5: 8ee25a10c1eacb4c981a2540b94ec2a3
SHA1: bfa2dca2e7855c8f6550f065441ee2c4e6ce887a
SHA256: be23c209e0b40c9c591775d01da20b6f15248e569a5bbe478d3120b4adb43b6f
SHA512: 4029bfba637a97d7d9132a410fca59e11b7ce0eb53798e933690a57f8e65644b88e8bd0a1cea83c41ac49a78472c69269e6c5aa8b553e3b86efbfdee15f1c13f
SSDEEP: 49152:leRAs/dcY99I2R8fJyoik9O5Q8JzKNdPXGyNF8eLgZZ4fmlapi:MRh/9x8hFik9O5Q8pK7DND0b4+
Behavioral task
Task: behavioral1
Sample: keylogger.exe
Resource: win7-20240903-en

Malware Config
Extracted from: C:\Users\Admin\Documents\@[email protected]
Family: wannacry
Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: keylogger.exe (size and hashes as listed under General)
Signatures
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access or copy of web browser credential store.
- Deletes shadow copies. Ransomware often targets backup files to inhibit system recovery.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
Defense Evasion
- Direct Volume Access: 1
- File and Directory Permissions Modification: 2
  - Windows File and Directory Permissions Modification: 1
- Hide Artifacts: 1
  - Hidden Files and Directories: 1
- Indicator Removal: 2
  - File Deletion: 2
- Modify Registry: 4
- Subvert Trust Controls: 1
  - SIP and Trust Provider Hijacking: 1