Overview

overview

10

Static

static

3

BSOD/BSOD/...OD.exe

windows7-x64

1

BSOD/BSOD/...OD.exe

windows10-2004-x64

BSOD/BSOD/...OD.exe

windows10-ltsc 2021-x64

1

BSOD/BSOD/...OD.exe

windows11-21h2-x64

1

RANSOMWARE....0.exe

windows7-x64

10

RANSOMWARE....0.exe

windows10-2004-x64

10

RANSOMWARE....0.exe

windows10-ltsc 2021-x64

10

RANSOMWARE....0.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cybersoldier-RANSOMWARE3.0+BSOD.rar

  • Size

    300KB

  • Sample

    241120-p6mb2sxeqr

  • MD5

    e1450a4f7fd39af9401f67ea4a3dd699

  • SHA1

    d0aed2bf466c17802a37e7942c17f32d956c83a4

  • SHA256

    6fd657d7b6007a7f8ed6afde4b1c6aa4b8411cac7069f0f92f31495d59d7c920

  • SHA512

    840307e238352c4872b7622c92f9fd69fb5afe93c192b76df2f79c64b5ba769a0de07c57c9d46b64b27b62baae567191bbbdc69700937304621c9f07fc7a9d02

  • SSDEEP

    6144:XIcYGc4paUXZpkFvIABQLKRuUd2q9CVkG6rV/NFxw53r9xwLos:YcY4jpklRIyuMd9C2rV/NFxa3rPs

Score
10/10
discoveryevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      BSOD/BSOD/bin/Debug/BSOD.exe

    • Size

      6KB

    • MD5

      4ec85cec090259e2ad98bc922a70cc5c

    • SHA1

      7fbc4d3a11395f373d6bb40ad7f8bdf9088853e4

    • SHA256

      dc0e9cae1e53b8f74c9bda8fc5c76c9f8a925e29275bbca0b4e35204af6c3fa3

    • SHA512

      df72554135d7dd06e60b8bb4b98617b16693127b91889a188cedc80a3e85ac3fb578ed9261bd54de465387f0cc755916dc5eb15b24e0350c91f188bc4b703cfb

    • SSDEEP

      96:fzuWnKaFWgenoraco3WNtW1jYcFKNVcz1W4oKYlLya:3RF0oZo8stYcFwVc03KY

    Score
    1/10
    behavioral1behavioral2behavioral3behavioral4

    • Target

      RANSOMWARE3.0/RANSOMWARE3.0/obj/Debug/RANSOMWARE3.0.exe

    • Size

      206KB

    • MD5

      d82aef6e33a9bb4bbbec1e38547b1a47

    • SHA1

      bb74e90eab11ecc0a2e3702882489a2523949315

    • SHA256

      9cff1ba17b83e537751fe1cd414690c3aa9627f06899afd906efaa114575d42d

    • SHA512

      88e61e2a6ce3fe80f4ce77493254fcd56476ffc1e6a36a7f4f063757c6fd2cd1332f2a1d71222cbae244b294dcc5b56b8a83e53e15138a4ef1c3fbd56690f804

    • SSDEEP

      3072:qRkbWhQAqY5+I00000000000000cGh4u3J+QGAqYVZmXMZhGq4ziqY:qSbsqgP4QbqS1ZhGq4Gq

    Score
    10/10
    discoveryevasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Renames multiple (302) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Drops startup file

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks