Extracted

• • Target

    RNSM00363.7z

  • Size

    10.7MB

  • MD5

    248bb72ffd8a4761046bfd48287f5956

  • SHA1

    96dba0b79b1b19f5518655514ddd829524b42135

  • SHA256

    832d0b83f8c89401a8caa59c7fccc510503cd2885c25c46099fe2a9ea0fef020

  • SHA512

    3acb86d8877a68910f7539caac06a0a42aa8176e8071f6230a3e81eb53be281a6fee0b51e2c75ad6989d93ea1f74d2e909e87634d04689f80419661c478708e3

  • SSDEEP

    196608:B98GogioOZWI3txM7a0L7dQKMyX7Mm8FPRmShvy2ZAw62r3DzV3dbvw1N:BNtOZWOtxM7Tp800Bp/p9tboN

  Score

  10^/10

  emotetgandcrabtroldeshadwarebackdoorbankercredential_accessdefense_evasiondiscoveryevasionexecutionimpactpersistenceransomwarespywarestealertrojanupx

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab

  • Gandcrab family

    gandcrab

  • Troldesh family

    troldesh

  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh

  • UAC bypass

    evasiontrojan

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (274) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1