General

Target: 2024-10-19_8f95d249a8940a86f0518d676cfc3096_derusbi_lockbit_wannacry
Size: 4.5MB
Sample: 241019-lzlv6azepb
MD5: 8f95d249a8940a86f0518d676cfc3096
SHA1: ac3c91f89d4fca14410e24bd348ced70891b543a
SHA256: d0b41ed9435129ccdf1bf7ca87fa4b33649b5b924d8cdbc12966d33fb7b9b873
SHA512: 21e8fe5d0f2e2e9ea36a7ea5fc0230a9ac3657528f93ad9b83ef9895fccf2563ecc8f6115a625c60ca8581e6bc043a3a6560a50d650476676bf8c391975e1a82
SSDEEP: 24576:HgIWd8sPeH6qAoIqEU502aM56PemUnJNhxtP+AmUmey2s73tOOu55E9QiwzTUBUD:id8gez+AmUvy2s7s5e9QiE
Static task: static1

Behavioral task: behavioral1
Sample: 2024-10-19_8f95d249a8940a86f0518d676cfc3096_derusbi_lockbit_wannacry.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 2024-10-19_8f95d249a8940a86f0518d676cfc3096_derusbi_lockbit_wannacry.exe
Resource: win10v2004-20241007-en
Malware Config
-

Targets

Target: 2024-10-19_8f95d249a8940a86f0518d676cfc3096_derusbi_lockbit_wannacry
- Modifies security service
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (7)
- Virtualization/Sandbox Evasion (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)