General
-
Target
2024-10-03_bc58787697d3dfab922e9bbe376c7055_bkransomware
-
Size
6.7MB
-
Sample
241003-psg56s1erh
-
MD5
bc58787697d3dfab922e9bbe376c7055
-
SHA1
06c8a66f338c809e73d1e7453b39b65be3558aec
-
SHA256
57dc9ae71f85b37c7968d4f3fea193ccb3d915d9afee8ec4fd165d3096f04561
-
SHA512
3648e7bf20cb61ec35979c8a9bcd2255ea79f83b9b29a23396dba72fd144e17cee380acf730c3ebcb2648f9d2d50cda766034ab543079e995496cb1cc21616ba
-
SSDEEP
196608:ebeOQSYdZtHckBGJ0soHJtOd4sGaVKJv2CSJG:EVYvVckBiQj5ak9S
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-03_bc58787697d3dfab922e9bbe376c7055_bkransomware.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-03_bc58787697d3dfab922e9bbe376c7055_bkransomware.exe
Resource
win10v2004-20240910-en
Malware Config
Targets
-
-
Target
2024-10-03_bc58787697d3dfab922e9bbe376c7055_bkransomware
-
Size
6.7MB
-
MD5
bc58787697d3dfab922e9bbe376c7055
-
SHA1
06c8a66f338c809e73d1e7453b39b65be3558aec
-
SHA256
57dc9ae71f85b37c7968d4f3fea193ccb3d915d9afee8ec4fd165d3096f04561
-
SHA512
3648e7bf20cb61ec35979c8a9bcd2255ea79f83b9b29a23396dba72fd144e17cee380acf730c3ebcb2648f9d2d50cda766034ab543079e995496cb1cc21616ba
-
SSDEEP
196608:ebeOQSYdZtHckBGJ0soHJtOd4sGaVKJv2CSJG:EVYvVckBiQj5ak9S
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Indirect Command Execution
1Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1