General

  • Target

    ! blind pack !.jar

  • Size

    2.3MB

  • Sample

    241120-qvenhaxnes

  • MD5

    0fc2ad57cf17f300e3de6d5c3f8885a9

  • SHA1

    28d50493c65c8acaf30554d9e65d3a00a7d29069

  • SHA256

    d8b6edbd23b17b4b0b79947a48476da2b68538909c02f9e97227ba00b645c095

  • SHA512

    ba4ff94a5babec2b4d0651db0640a4ac737286ef37671a871b98eb478a854377de5d2f8993919ba33ff4111e26bd84e95a81232f8f41a7005cde2c2ce14a091e

  • SSDEEP

    49152:AVx9MGKS2KxIahxquFKnRpuyupv4MUaS0Fet1MI0Tvhe8fEP3:AVxt92KmOx8nz4FS0616zheak
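The hashes above are the identifiers an analyst uses to confirm that a file pulled from a mailbox or a quarantine folder is this exact sample, and the target is a jar, so the first static step is to open it as a zip and see what it carries. The following Python is an added example, not code from the sandbox report or from any tool it references: it checks a candidate file against the four digests listed above (all must match; the SSDEEP value needs the separate ssdeep library and is left out), reads the jar manifest's Main-Class, and flags entries that start with an MZ header or contain UPX section names or the compiled-AutoIt signature. The demo jar it builds when run without arguments is a constructed stand-in, not the real sample, and the entry names inside it (loader/Start.class, res/payload.bin) are invented.

```python
import hashlib
import io
import sys
import zipfile

# Digests copied from the report above; a candidate file is "this sample" only if all of them match.
REPORT_HASHES = {
    "md5": "0fc2ad57cf17f300e3de6d5c3f8885a9",
    "sha1": "28d50493c65c8acaf30554d9e65d3a00a7d29069",
    "sha256": "d8b6edbd23b17b4b0b79947a48476da2b68538909c02f9e97227ba00b645c095",
    "sha512": "ba4ff94a5babec2b4d0651db0640a4ac737286ef37671a871b98eb478a854377"
              "de5d2f8993919ba33ff4111e26bd84e95a81232f8f41a7005cde2c2ce14a091e",
}

# Byte markers used to flag payloads embedded as jar resources.
PE_MAGIC = b"MZ"                            # DOS header that starts every Windows PE
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")   # UPX section names and packer header magic
AUTOIT_MARKER = b"AU3!EA06"                 # signature of a compiled AutoIt script


def hash_bytes(data: bytes) -> dict:
    """Return the same four digests the report lists, for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Streamed variant of hash_bytes so a multi-megabyte sample is not read into memory at once."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True only if every digest equals the report's value (hex compared case-insensitively)."""
    return all(digests[algo].lower() == REPORT_HASHES[algo] for algo in REPORT_HASHES)


def triage_jar(data: bytes) -> dict:
    """Static triage of a jar: manifest Main-Class plus entries carrying PE, UPX or AutoIt markers."""
    result = {"is_zip": False, "main_class": None, "entries": [],
              "embedded_pe": [], "upx_hits": [], "autoit_hits": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result                      # not a jar at all (or a damaged one)
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            result["entries"].append(info.filename)
            if info.filename.endswith("/"):
                continue                   # directory entry, nothing to scan
            blob = zf.read(info)
            if info.filename == "META-INF/MANIFEST.MF":
                for line in blob.decode("utf-8", "replace").splitlines():
                    if line.startswith("Main-Class:"):
                        result["main_class"] = line.split(":", 1)[1].strip()
            if blob.startswith(PE_MAGIC):
                result["embedded_pe"].append(info.filename)
            if any(marker in blob for marker in UPX_MARKERS):
                result["upx_hits"].append(info.filename)
            if AUTOIT_MARKER in blob:
                result["autoit_hits"].append(info.filename)
    return result


def build_demo_jar() -> bytes:
    """Constructed stand-in for the sample (NOT the real jar): a class plus a resource that looks like a UPX-packed AutoIt PE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: loader.Start\r\n\r\n")
        zf.writestr("loader/Start.class", b"\xca\xfe\xba\xbe" + b"\x00" * 32)
        zf.writestr("res/payload.bin",
                    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"UPX0" + b"\x00" * 16 + b"AU3!EA06" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_demo_jar()            # no path given: run on the constructed stand-in
    print("matches report hashes:", matches_report(hash_bytes(data)))
    for name, value in triage_jar(data).items():
        print(f"{name}: {value}")
```

Run it as `python triage.py "! blind pack !.jar"` against a quarantined copy; a mismatch on any one digest means the file is a different build, even if the name and size agree. The marker scan is a cheap first pass only: a payload that is encrypted or split across resources will not start with MZ, so an empty `embedded_pe` list does not mean the jar is clean.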

Malware Config

Targets

    • Target

      ! blind pack !.jar

    • Disables Task Manager via registry modification

      Writes the DisableTaskMgr policy value (a DWORD set to 1, typically under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System) so the user cannot open Task Manager to kill the process.

    • Downloads MZ/PE file

      Fetches a file whose first two bytes are the MZ header of a Windows executable, i.e. the jar is a downloader for a native payload rather than the payload itself.

    • Executes dropped EXE

      Runs the downloaded executable after writing it to disk.

    • Checks installed software on the system

      Looks up entries under the Uninstall registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system, a common way to fingerprint the host and spot analysis tools.

    • Legitimate hosting services abused for malware hosting/C2

      The payload or C2 traffic goes to a legitimate public hosting service rather than to attacker-owned infrastructure; the report does not name the service here, so blocking it by domain alone is not an option.

    • AutoIT Executable

      An AutoIt script compiled into a PE executable (the AutoIt interpreter stub with the script appended); the script can usually be recovered from the dropped file with a standard AutoIt decompiler.

    • Sets desktop wallpaper using registry

      Writes the Wallpaper value under HKCU\Control Panel\Desktop, a visible change typical of ransomware or scareware rather than of a stealthy implant.

    • UPX packed file

      The executable is packed with UPX or with a modified build of that open-source packer. Try `upx -d` first; if the packer header was altered, the stock tool refuses to unpack and the binary has to be dumped from memory after it unpacks itself.
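Three of the signatures above are registry behaviours, so they are the easiest to turn into host-side detections. The following Python is an added example, not code from the sandbox or its signature set: it runs simple rules over a constructed API trace (the line format and every path, PID, process name and subkey in it are invented for this example, not the sandbox's own output) and flags a non-zero DisableTaskMgr write, a Wallpaper write, and enumeration of the Uninstall key, while ignoring a benign Explorer write and a policy write that re-enables Task Manager.

```python
import re
from collections import Counter
from typing import Optional

# Constructed trace, one API call per line as key=value tokens; quoted values may contain spaces.
SAMPLE_TRACE = r"""
2024-11-20T14:03:10Z pid=4120 image="C:\Users\victim\AppData\Local\Temp\svc.exe" api=RegOpenKeyExW key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" value="" data=""
2024-11-20T14:03:10Z pid=4120 image="C:\Users\victim\AppData\Local\Temp\svc.exe" api=RegEnumKeyExW key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" value="" data="Notepad++"
2024-11-20T14:03:10Z pid=4120 image="C:\Users\victim\AppData\Local\Temp\svc.exe" api=RegQueryValueExW key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++" value="DisplayName" data="Notepad++ (64-bit x64)"
2024-11-20T14:03:11Z pid=4120 image="C:\Users\victim\AppData\Local\Temp\svc.exe" api=RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" value="DisableTaskMgr" type=REG_DWORD data=1
2024-11-20T14:03:11Z pid=4120 image="C:\Users\victim\AppData\Local\Temp\svc.exe" api=RegSetValueExW key="HKCU\Control Panel\Desktop" value="Wallpaper" type=REG_SZ data="C:\Users\victim\AppData\Roaming\wall.jpg"
2024-11-20T14:03:12Z pid=1588 image="C:\Windows\explorer.exe" api=RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" value="ShellState" type=REG_BINARY data="24000000"
2024-11-20T14:05:40Z pid=2212 image="C:\Windows\System32\gpupdate.exe" api=RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" value="DisableTaskMgr" type=REG_DWORD data=0
"""

TOKEN_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
SET_VALUE_APIS = {"RegSetValueExW", "RegSetValueExA", "NtSetValueKey"}
READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW", "RegEnumKeyExA",
             "RegQueryValueExW", "RegQueryValueExA"}


def parse_line(line: str) -> Optional[dict]:
    """Split one trace line into a dict: the leading timestamp plus each key=value token."""
    line = line.strip()
    if not line:
        return None
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for m in TOKEN_RE.finditer(rest):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def dword_nonzero(data: str) -> bool:
    """True for a REG_DWORD written as decimal or 0x-hex with a non-zero value."""
    try:
        return int(data, 0) != 0
    except ValueError:
        return False


def detect(lines) -> list:
    """Apply the three registry rules; returns one finding per matching write and one aggregate per enumerating process."""
    findings = []
    enum_hits = Counter()
    enum_image = {}
    for raw in lines:
        ev = parse_line(raw)
        if ev is None or "api" not in ev:
            continue
        api = ev["api"]
        key = ev.get("key", "").lower()
        value = ev.get("value", "").lower()
        if api in SET_VALUE_APIS and key.endswith(r"\policies\system") \
                and value == "disabletaskmgr" and dword_nonzero(ev.get("data", "")):
            findings.append({"rule": "disable_taskmgr", "pid": ev["pid"], "image": ev.get("image"), "ts": ev["ts"]})
        elif api in SET_VALUE_APIS and key.endswith(r"\control panel\desktop") and value == "wallpaper":
            findings.append({"rule": "set_wallpaper", "pid": ev["pid"], "image": ev.get("image"),
                             "ts": ev["ts"], "path": ev.get("data")})
        elif api in READ_APIS and r"\currentversion\uninstall" in key:
            enum_hits[ev["pid"]] += 1          # count reads; report once per process below
            enum_image[ev["pid"]] = ev.get("image")
    for pid, count in enum_hits.items():
        findings.append({"rule": "installed_software_enum", "pid": pid, "image": enum_image[pid], "count": count})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_TRACE.strip().splitlines()):
        print(finding)
```

On a real host the same rules apply to whatever produces registry telemetry (an EDR API trace, or Sysmon event ID 13 for the two writes). The two writes deserve an alert on their own; the Uninstall-key read is noisy, since installers and inventory agents read it all day, so it is best used to enrich a finding from the same PID rather than to page anyone. Note also that DisableTaskMgr=1 is a legitimate setting on Group Policy managed machines, which is why the rule keeps the writing image: a policy engine writing it is expected, a binary in the user's Temp directory writing it is not.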

MITRE ATT&CK Enterprise v15

Tasks