mimic

Sharing

Copy URL

Twitter E-mail

General

Target

samples.zip
Size

12.9MB
Sample

240921-rxlp9sxejq
MD5

08f4ceb2c87fbf7255b0610a4ddda6dd
SHA1

2899b23e84992e57a014c0c75ef11fe1fbadf3eb
SHA256

fc249baddd791772998825753f2ed6afb5cebab717f2017c5f8c78267173459e
SHA512

8b6334f7b965f6db62b38108fe34ec6fc312558153ad8e35b792b7415b903b24c90ca1aaae28e3d12f231b902fb22ec3ee31653187631d734e548a1b3f314dfe
SSDEEP

393216:GJApVs4LV9/L+7SdSh2S0Tx8Chrg9eymRJrpnVAsMqFabD7E:GJApVD59/c1h2SYx8ChQeymR1pVzMm

Score

10^/10

Malware Config

Targets

- Target
  
  samples.zip
- Size
  
  12.9MB
- MD5
  
  08f4ceb2c87fbf7255b0610a4ddda6dd
- SHA1
  
  2899b23e84992e57a014c0c75ef11fe1fbadf3eb
- SHA256
  
  fc249baddd791772998825753f2ed6afb5cebab717f2017c5f8c78267173459e
- SHA512
  
  8b6334f7b965f6db62b38108fe34ec6fc312558153ad8e35b792b7415b903b24c90ca1aaae28e3d12f231b902fb22ec3ee31653187631d734e548a1b3f314dfe
- SSDEEP
  
  393216:GJApVs4LV9/L+7SdSh2S0Tx8Chrg9eymRJrpnVAsMqFabD7E:GJApVD59/c1h2SYx8ChQeymR1pVzMm
Score

1^/10
behavioral1 behavioral2
- Target
  
  samples/$I30
- Size
  
  4KB
- MD5
  
  6e4a12d35893ed1115749b48393b5200
- SHA1
  
  fbd8f6e92ecaf2e50dc3d0f53d21815059b1b6ba
- SHA256
  
  0b3f8ab04d1c18025a671424df02b55805ae7fbc7eeefd7bdc5801264d287aa4
- SHA512
  
  40c0fde7ca92b50c7664abf6d959592e7a26a8054b0f0c3d6273ffc63e1dc64a6e8c2c3af6791aa365a7ca64dd6905bd9d6670b6f68c33e59cd4adf608e6db38
Score

1^/10
behavioral3 behavioral4
- Target
  
  samples/Everything.db
- Size
  
  27.1MB
- MD5
  
  29bbcfc4cf4da12cd403deeb806691cf
- SHA1
  
  4414c6fb81b3f3501934fe2c81db563b5dee5334
- SHA256
  
  9f323e6284dec51c09ffe8d2ade136b78c30e00a06783d4ca296e2fec3a49fab
- SHA512
  
  971265f344fd6ecefbbdc82fee8a22d7debf84c3132ac2a52bc542e96dfe2b70536f0c187a38bdff827a65fdb11e09a85136938744fdc721f9e0085e5f375487
- SSDEEP
  
  196608:VfTHWOmd+C8yFEH5pSlYrJ1O6GLsX2tARoxGwpAvr1:VfTHYAg6GLwSLx3Avx
Score

3^/10
behavioral5 behavioral6
- Target
  
  samples/Everything.db.FileSlack
- Size
  
  3KB
- MD5
  
  3f0813615deaad7b64e2e31bb5cd1aa2
- SHA1
  
  0aa7d06ccf31b480eb4ed00708b2ea429a8efe57
- SHA256
  
  af6225e4b8d9987a20a07cc26125a9e6151d5ef3b6a1dccd6e5f395f1cd23861
- SHA512
  
  bbe6c451bb64a6c4a1f30235c0dc982601b307c6f706f9d16507a2f8a8a321c24c79b9d649f09b5da9e3ac6eaa318ff92e17305d8916f7806ace11a2667e1fa9
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  samples/Everything.exe
- Size
  
  1.7MB
- MD5
  
  c44487ce1827ce26ac4699432d15b42a
- SHA1
  
  8434080fad778057a50607364fee8b481f0feef8
- SHA256
  
  4c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
- SHA512
  
  a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
- SSDEEP
  
  49152:sVzyP4BTkT3EApTLi2CCzMn3jzjAhFEy+eaXr:sVzyABTwEH
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  samples/Everything.ini
- Size
  
  20KB
- MD5
  
  472ee5a9b076aede5574eb747412cc8a
- SHA1
  
  cb1541d2aad53309e82c44cb99c220e02bc219d2
- SHA256
  
  7854d3d94db23ed7e453f30e4a5e302bea209b2ebb60b5554dbc78ac1caefe4d
- SHA512
  
  22407550d8c602fc2f6c70a671ec948770f8df494e2613d66efb8625f75adaea8047d35931e97c6a841b786fca9b2922e805799f149b58f34c881e5605b8f86a
- SSDEEP
  
  192:RjCxnELo+ny9QOL4jwnTef2JFTAiwTMisXZiPgCSjvtM8nbVwoQT7zAu+Ztul4A8:Rug6TeEFTA+isX/M8nYuZ4z8lJCK
Score

1^/10
behavioral11 behavioral12
- Target
  
  samples/Everything.ini.FileSlack
- Size
  
  3KB
- MD5
  
  fd4589304a588a420da7dd0b56784130
- SHA1
  
  3a8267d2459cef2d9ea4d782eef8ec2876fbecaa
- SHA256
  
  a3041b2a3f207ad2e467085b36ca51eae3a5d60f899251c9d5c4c9b248c60482
- SHA512
  
  28aa740ab94e8643af5339e6cbc4af38cf68c58f76b163e4b2fc0875802889abb2689507e4bd15eab62c095c5d852ab54c200324179c0f804e8158c8c71c1a67
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  samples/Everything32.dll
- Size
  
  84KB
- MD5
  
  3b03324537327811bbbaff4aafa4d75b
- SHA1
  
  1218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
- SHA256
  
  8cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
- SHA512
  
  ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
- SSDEEP
  
  768:r7q2ysU1Jr1SHx6p73TpzkqVVWwupGKcrrbRkzOnORqhJtfwxnZRqFlP+YiXoyIZ:r7q2EJx+OVkqTIZerpnA2tfet7XJIZ
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  samples/Everything32.dll.FileSlack
- Size
  
  3KB
- MD5
  
  392c3b27af6755b705128fc738d77348
- SHA1
  
  1c23542f187fcff5aca60532fe6d30517e84c57d
- SHA256
  
  ea920d619c25a834bdf2fe7c82d36be2150a530ec1f5215cda741b23d29823cb
- SHA512
  
  901fe1a3ca757b2a883c49776ecda903b0fa521d584466416bcaa97ea83c2319692d399212cf9bf3c794df2e51ea8c452b120d944e6af139022097a800e3b072
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  samples/Everything64.dll
- Size
  
  2.2MB
- MD5
  
  696682f1a9d5efcd5cfe72adf2649efb
- SHA1
  
  63ac46cd91decfe85d57c4d3fba0cbb7124edb83
- SHA256
  
  bfc7bd83edc3aacf0130900b63f2f2ee2ffeb961cf749719f09b68660381a2f0
- SHA512
  
  d2b33184d1bfe2a050bf0050af24a5c28408b856dd73214d058ca23ddbf75b2edd44ed677d22c548768df897152c7cca5359ad8526e0a60c811221cb156c0529
- SSDEEP
  
  49152:waFm0mjQzQ3ZtwvVYXlZXL8z3Iu645lFEikRiqFFkRtQjzYLB57nM2:80daXLy38IjqFEb7M2
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  samples/freeworldencrypting.exe
- Size
  
  2.0MB
- MD5
  
  22c109d5539b862d629daa01673352cd
- SHA1
  
  2eed43bf7f139243d9ef93bf4ed0903ced8a08b5
- SHA256
  
  f5a331009d6e46236036c2de3578f2a8414742271ed4b23496859c8b99f5c4de
- SHA512
  
  3d251c3c633f24b1ddf7d1f5dcf8a2c8093c892c0a1e5577aec8dc01fcf50aebdc0d481c96f65d83dadd7a7873c2e8013761b16728bd5f6e3621977b2ae46bc2
- SSDEEP
  
  49152:wa/RPnb1b+uL5KTu8l6VP/DOdmGtPY4ldP1nKESY:wa/RTd56M9/DmmGmMP
Score

10^/10

mimic discovery evasion execution persistence ransomware trojan
- Detects Mimic ransomware
- Mimic
  Ransomware family was first exploited in the wild in 2022.
  ransomware mimic
- UAC bypass
  evasion trojan
- Clears Windows event logs
  evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral21 behavioral22
- Target
  
  samples/session.tmp
- Size
  
  32B
- MD5
  
  c241eda7e1143981d8cf780be372d33a
- SHA1
  
  9ed5184329f8f6c41740b69c5f7404ce4294dd35
- SHA256
  
  b5b4a55f7a189862bcb90aeab4abf005a472598f79914b28d1e5a0cda0441b6f
- SHA512
  
  19db4988951005449ee72e41646c21b9ffa3a9ab9b6ca8b51a624ffcb668a9456a0747bb5bb7360eeaf85110ede13b263d3e49e0341f0b9a48ed005fff255872
Score

3^/10

discovery
behavioral23 behavioral24