General
-
Target
samples.zip
-
Size
12.9MB
-
Sample
240921-rylrnaxenn
-
MD5
08f4ceb2c87fbf7255b0610a4ddda6dd
-
SHA1
2899b23e84992e57a014c0c75ef11fe1fbadf3eb
-
SHA256
fc249baddd791772998825753f2ed6afb5cebab717f2017c5f8c78267173459e
-
SHA512
8b6334f7b965f6db62b38108fe34ec6fc312558153ad8e35b792b7415b903b24c90ca1aaae28e3d12f231b902fb22ec3ee31653187631d734e548a1b3f314dfe
-
SSDEEP
393216:GJApVs4LV9/L+7SdSh2S0Tx8Chrg9eymRJrpnVAsMqFabD7E:GJApVD59/c1h2SYx8ChQeymR1pVzMm
Malware Config
Targets
-
-
Target
samples.zip
-
Size
12.9MB
-
MD5
08f4ceb2c87fbf7255b0610a4ddda6dd
-
SHA1
2899b23e84992e57a014c0c75ef11fe1fbadf3eb
-
SHA256
fc249baddd791772998825753f2ed6afb5cebab717f2017c5f8c78267173459e
-
SHA512
8b6334f7b965f6db62b38108fe34ec6fc312558153ad8e35b792b7415b903b24c90ca1aaae28e3d12f231b902fb22ec3ee31653187631d734e548a1b3f314dfe
-
SSDEEP
393216:GJApVs4LV9/L+7SdSh2S0Tx8Chrg9eymRJrpnVAsMqFabD7E:GJApVD59/c1h2SYx8ChQeymR1pVzMm
Score1/10 -
-
-
Target
samples/Everything.exe
-
Size
1.7MB
-
MD5
c44487ce1827ce26ac4699432d15b42a
-
SHA1
8434080fad778057a50607364fee8b481f0feef8
-
SHA256
4c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
-
SHA512
a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
SSDEEP
49152:sVzyP4BTkT3EApTLi2CCzMn3jzjAhFEy+eaXr:sVzyABTwEH
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
samples/Everything32.dll
-
Size
84KB
-
MD5
3b03324537327811bbbaff4aafa4d75b
-
SHA1
1218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
-
SHA256
8cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
-
SHA512
ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
SSDEEP
768:r7q2ysU1Jr1SHx6p73TpzkqVVWwupGKcrrbRkzOnORqhJtfwxnZRqFlP+YiXoyIZ:r7q2EJx+OVkqTIZerpnA2tfet7XJIZ
Score3/10 -
-
-
Target
samples/freeworldencrypting.exe
-
Size
2.0MB
-
MD5
22c109d5539b862d629daa01673352cd
-
SHA1
2eed43bf7f139243d9ef93bf4ed0903ced8a08b5
-
SHA256
f5a331009d6e46236036c2de3578f2a8414742271ed4b23496859c8b99f5c4de
-
SHA512
3d251c3c633f24b1ddf7d1f5dcf8a2c8093c892c0a1e5577aec8dc01fcf50aebdc0d481c96f65d83dadd7a7873c2e8013761b16728bd5f6e3621977b2ae46bc2
-
SSDEEP
49152:wa/RPnb1b+uL5KTu8l6VP/DOdmGtPY4ldP1nKESY:wa/RTd56M9/DmmGmMP
Score10/10-
Detects Mimic ransomware
-
Mimic
Ransomware family was first exploited in the wild in 2022.
-
UAC bypass
-
Clears Windows event logs
-
Modifies boot configuration data using bcdedit
-
Deletes System State backups
Uses wbadmin.exe to inhibit system recovery.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Power Settings
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2Clear Windows Event Logs
1File Deletion
1Modify Registry
4