General
Target: 2024-10-11_ec105a10fbc6340a69581f36454d722f_bkransomware
Size: 6.6MB
Sample: 241011-2bystaxdkb
MD5: ec105a10fbc6340a69581f36454d722f
SHA1: 744eaf350ae3aa2865bc5bce43b72f5c0e6ab5c7
SHA256: 12405a7f8f62a12fbfb93668c5d1314c88440eb9e11e37933a31d98fa73a11f6
SHA512: d6c5833510e50390a90a35329a30bf80af3909f871a00731dc7bfdfaea803e28929440853d106ed157431cabf3e5d5feed5635f360e02e32113c9ec87d000d59
SSDEEP: 196608:66ABZOhEyu0HDsqhU8gccZ6Limi6rHTZTBq+djV:cOhEyFoq0R6Limb1B5

Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-11_ec105a10fbc6340a69581f36454d722f_bkransomware.exe
Resource: win7-20241010-en
Malware Config

Targets
Target: 2024-10-11_ec105a10fbc6340a69581f36454d722f_bkransomware (size and hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Indirect Command Execution: adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (technique, sub-technique, number of matching signatures)

Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Defense Evasion
  Impair Defenses (2)
    Disable or Modify Tools (2)
  Indirect Command Execution (1)
  Modify Registry (2)

Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)