Overview

overview

9

Static

static

3

nRi28Wtqb1-UA.rar

windows10-2004-x64

3

bsod fix.bat

windows10-2004-x64

1

instructions.txt

windows10-2004-x64

1

nRi28Wtqb1.exe

windows10-2004-x64

5

w11 fix.bat

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nRi28Wtqb1-UA.rar

  • Size

    5.2MB

  • Sample

    240916-2xz8rsthpe

  • MD5

    f26c7d6085e986dfc1ccf2ddab143cd0

  • SHA1

    f2ef69d0ce579336cd643eb11b8cc54050c05f77

  • SHA256

    35ce9a93d911373f6e392d3608413d0f95c6c3b6c0d3b582dbf718211b024241

  • SHA512

    1b4aa084bf6770f14380102733e9ab75f38ac1b59ffc892552fc94b6eb79b87695836a225b9f4bebca8f526e72ff55cb86ffc23524909d95068e40e42ea9732e

  • SSDEEP

    98304:awHoMutDwoUR0W2Nv/pkWNir2wztAJ3eoUpE7193VRATkD6sWOcB4G1a+qd0IMOg:PC0qW2NTir2+KdeDEDVRAYD6sikpGdOg

Score
9/10
defense_evasionevasionexecutionransomware

Malware Config

Targets

    • Target

      nRi28Wtqb1-UA.rar

    • Size

      5.2MB

    • MD5

      f26c7d6085e986dfc1ccf2ddab143cd0

    • SHA1

      f2ef69d0ce579336cd643eb11b8cc54050c05f77

    • SHA256

      35ce9a93d911373f6e392d3608413d0f95c6c3b6c0d3b582dbf718211b024241

    • SHA512

      1b4aa084bf6770f14380102733e9ab75f38ac1b59ffc892552fc94b6eb79b87695836a225b9f4bebca8f526e72ff55cb86ffc23524909d95068e40e42ea9732e

    • SSDEEP

      98304:awHoMutDwoUR0W2Nv/pkWNir2wztAJ3eoUpE7193VRATkD6sWOcB4G1a+qd0IMOg:PC0qW2NTir2+KdeDEDVRAYD6sikpGdOg

    Score
    3/10
    behavioral1

    • Target

      bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    behavioral2

    • Target

      instructions.txt

    • Size

      1KB

    • MD5

      060030231f16c28316db957b3b8f9d76

    • SHA1

      db81e86a6366955ef2cdcfc8f2933d2ca73ac580

    • SHA256

      6e9d7a74bff2718b61ce3bcc538a99662c8e47958f61f2bfa1dc014c0986410e

    • SHA512

      50ebda840758fda86956b3700034d7117d52b8ba3a37500fc89d9dffc415f20a8ebcf94ec2ab4c7c937065ca8a80ce9da41cb47a14dad3f4f6a65d30a5bf3b3a

    Score
    1/10
    behavioral3

    • Target

      nRi28Wtqb1.exe

    • Size

      5.6MB

    • MD5

      872b0fa8c0306040f181d08c5d7a252b

    • SHA1

      a08cf74361c96aa4d7e4503af6563c63b95f1973

    • SHA256

      3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3

    • SHA512

      23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277

    • SSDEEP

      98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral4

    • Target

      w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    Score
    9/10
    defense_evasionevasionexecutionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5

MITRE ATT&CK Enterprise v15

Tasks