General

  • Target

    2024-10-01_7d0ada41dcddd55aecc3cb0999a744b3_bkransomware_metamorfo

  • Size

    6.7MB

  • Sample

    241001-ayd85swfjb

  • MD5

    7d0ada41dcddd55aecc3cb0999a744b3

  • SHA1

    15257a80cbc312b2b8a8adbed2e9d8cba48e530a

  • SHA256

    66f61505ec10338855e37b6273ee9cb89031ce02bf86be09b1a1929d70cd1aed

  • SHA512

    a1b27cdec4740ec84bf465e288f89d60726d2d7280e617d60e2b3122207c10a3e5dde2797be85c290115fc4e12376abff352a8f76aea649e2ac3bfd4cdd6b411

  • SSDEEP

    98304:+T37vqsExujWvg3T+iKCB2pqdBsntt1foHMPgttvBeUv1C5A5AnvWbp7B20Hh2Hl:+/KKgsEJVQvYrAWnH64BYyn

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks