infinitylock | ddd61c9f887cf5e0e83f70af0eb70ac5bf7a64249d2039b77169a4f66eedd1f1 | Triage

Submit
Reports

Overview

overview

Static

static

1

P3S_FW_V01...30.bin

windows10-1703-x64

Sharing

General

Target

P3S_FW_V01.11.0030.bin
Size

59.8MB
Sample

240927-a2cjqawepk
MD5

9245148c449cc2e848a6867a6a3fa80c
SHA1

29045cb9ecd4ef59380d14018cb61c586d0dedf0
SHA256

ddd61c9f887cf5e0e83f70af0eb70ac5bf7a64249d2039b77169a4f66eedd1f1
SHA512

f9702810e9db9b34ca7e053551ad6eb592331d707a0b645e17096e8319187f6ef062fc763f8c20e96d9005270a1a5a56212706bfdc0b996771a99c030c5b38cb
SSDEEP

786432:JLukTyODtzvxu9osMr66oBxl+2oRBglhRwz:g4pRzYoMCtn

Score

10^/10

infinitylock troldesh defense_evasion discovery evasion persistence ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

P3S_FW_V01.11.0030.bin

Resource

win10-20240404-en

infinitylock troldesh defense_evasion discovery evasion persistence ransomware trojan upx

windows10-1703-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  P3S_FW_V01.11.0030.bin
- Size
  
  59.8MB
- MD5
  
  9245148c449cc2e848a6867a6a3fa80c
- SHA1
  
  29045cb9ecd4ef59380d14018cb61c586d0dedf0
- SHA256
  
  ddd61c9f887cf5e0e83f70af0eb70ac5bf7a64249d2039b77169a4f66eedd1f1
- SHA512
  
  f9702810e9db9b34ca7e053551ad6eb592331d707a0b645e17096e8319187f6ef062fc763f8c20e96d9005270a1a5a56212706bfdc0b996771a99c030c5b38cb
- SSDEEP
  
  786432:JLukTyODtzvxu9osMr66oBxl+2oRBglhRwz:g4pRzYoMCtn
Score

10^/10

infinitylock troldesh defense_evasion discovery evasion persistence ransomware trojan upx
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Modifies visibility of file extensions in Explorer
  evasion
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

infinitylocktroldeshdefense_evasiondiscoveryevasionpersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy