hxxps://github[.]com/kh4sh3i/Ransomware-Samples

Resubmissions

14/09/2024, 02:10

240914-clqgra1gkp 6

13/09/2024, 16:03

13/09/2024, 16:02

13/09/2024, 15:58

13/09/2024, 15:16

Sharing

Copy URL

Twitter E-mail

General

Target

https://github.com/kh4sh3i/Ransomware-Samples
Sample

240913-tez62swhpg

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://french-cooking.com/myguy.exe

Targets

- Target
  
  https://github.com/kh4sh3i/Ransomware-Samples
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1