General

  • Target

    Ransomware.NotPetya.exe

  • Size

    366KB

  • Sample

    241127-qan2favjbz

  • MD5

    e5cc289b0b2b74b8e02f5a7f07867705

  • SHA1

    81a884e16a81979c7fe56e61bcfdb94f8bb937ff

  • SHA256

    6497eb7e530ccecce0bc9d8a0771221d7e980b7be875b2b3969110eb8b8f2305

  • SHA512

    4cd22f953ce44d6d960dbe2bf651ae01fc865ec45742450a24a15c6f6b48b825b7979dbf287bf87f8290344f7bf5bf69d1c1f762f2e81a27d1fe0997712a5d2f

  • SSDEEP

    6144:vLh5iWs5gArF3LDd84ESQoCGhWg2ZQkyDfTbjfyLX1WYaaGM6Btk2:vN5iWs5gZ4E6CyWgcQBzvja4YaaUtk2
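To confirm that a file on disk is the sample this report describes, hash it once with every algorithm listed above and compare digest by digest. The script below is an added example, not code from the sandbox or from the report; the expected values are copied from the report, ssdeep is left out because hashlib has no fuzzy hash and computing it needs a third-party binding, and the self-check data is constructed inline.

```python
"""Check a file on disk against the hashes the report lists.

Added example, not code from the sandbox or the report: one pass over the
file feeds every algorithm in the report, then each digest is compared with
the report's value so a mismatching algorithm is named explicitly.
"""
import hashlib
import io
import sys
from typing import Dict, Iterable

# Values copied from the report above. ssdeep is omitted: hashlib has no
# fuzzy hash, and computing it needs a third-party binding.
REPORT_HASHES: Dict[str, str] = {
    "md5": "e5cc289b0b2b74b8e02f5a7f07867705",
    "sha1": "81a884e16a81979c7fe56e61bcfdb94f8bb937ff",
    "sha256": "6497eb7e530ccecce0bc9d8a0771221d7e980b7be875b2b3969110eb8b8f2305",
    "sha512": "4cd22f953ce44d6d960dbe2bf651ae01fc865ec45742450a24a15c6f6b48b825"
              "b7979dbf287bf87f8290344f7bf5bf69d1c1f762f2e81a27d1fe0997712a5d2f",
}


def digest_stream(stream, algorithms: Iterable[str] = tuple(REPORT_HASHES),
                  chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a binary stream with every requested algorithm in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms: Iterable[str] = tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Same as digest_stream for in-memory data (used for the self-check)."""
    return digest_stream(io.BytesIO(data), algorithms)


def compare_hashes(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match flags; hex digits are compared case-insensitively."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Hash the file at `path` and compare it with the report's values."""
    with open(path, "rb") as f:
        return compare_hashes(digest_stream(f, expected.keys()), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py Ransomware.NotPetya.exe
    result = verify_file(sys.argv[1])
    for name, ok in result.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A single mismatching algorithm is enough to reject the file: the report's MD5 and SHA1 are listed for lookups in older feeds, but SHA256 is the value to pivot on, since MD5 and SHA1 collisions can be constructed.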

Malware Config

Targets

    • Target

      Ransomware.NotPetya.exe

    • Mimikatz

      Mimikatz is an open-source tool that dumps credentials from Windows, typically plaintext passwords, NTLM hashes and Kerberos tickets read out of LSASS memory.

    • Mimikatz family

      The sample matches the Mimikatz family signature. In NotPetya the Mimikatz-derived code is an embedded component that is dropped and loaded at runtime (consistent with the dropped DLL behaviour below) and used to harvest credentials from the infected host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. This is a generic heuristic; on its own it shows that the profile data was read, not that it was exfiltrated.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. For NotPetya the MBR write is the destructive stage rather than a persistence mechanism: the sample replaces the boot code with its own, which runs at the next reboot and encrypts the NTFS master file table behind a fake CHKDSK screen. Capturing the first sector and avoiding a reboot preserves both the modified MBR and the still-unencrypted file system.
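The practical follow-up to an MBR-write alert is to read the first sector of the affected disk and compare its boot code against a baseline taken from a clean host of the same build. The script below is an added example, not code from the sandbox or from the malware: it parses the classic 512-byte MBR layout (440 bytes of boot code, disk signature, four partition entries, 0x55AA) and flags boot code whose SHA-256 differs from the baseline. Both MBRs it works on are constructed inline rather than dumped from real disks; the "tampered" one models a bootloader-replacing write that leaves the partition table intact, which a partition-table-only check would miss.

```python
"""Parse a 512-byte MBR and flag boot code that differs from a clean baseline.

Added example, not code from the sandbox or the malware. The MBRs below are
constructed test data, not images of real disks.
"""
import hashlib
import struct
from typing import Dict, List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code
DISK_SIG_OFF = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA
PART_ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def is_valid_mbr(mbr: bytes) -> bool:
    """Size and boot-signature check only; says nothing about the boot code."""
    return len(mbr) == MBR_SIZE and mbr[BOOT_SIG_OFF:] == b"\x55\xAA"


def parse_mbr(mbr: bytes) -> Dict:
    """Boot-code digest, disk signature and the non-empty partition entries."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a 512-byte MBR with a 0x55AA boot signature")
    partitions: List[Dict] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype != 0:   # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def boot_code_tampered(mbr: bytes, baseline_sha256: str) -> bool:
    """True when the boot code does not match the digest taken from a known-clean host."""
    return parse_mbr(mbr)["boot_code_sha256"] != baseline_sha256


def build_mbr(boot_code: bytes, disk_sig: int,
              partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a synthetic MBR from its parts (constructed test data only)."""
    table = b"".join(struct.pack(PART_ENTRY, *p) for p in partitions).ljust(64, b"\x00")
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<I", disk_sig)
            + b"\x00\x00" + table + b"\x55\xAA")


# Constructed "clean" MBR: a plausible boot-code prologue and one bootable NTFS (0x07) partition.
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8", 0x1234ABCD,
                      [(0x80, 0x07, 2048, 1_000_000)])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed "tampered" MBR: boot code replaced, disk signature and partition table untouched.
TAMPERED_MBR = build_mbr(b"\xFA\xEB\x1D\x90" * 40, 0x1234ABCD, [(0x80, 0x07, 2048, 1_000_000)])


def check_first_sector(mbr: bytes, baseline_sha256: str = BASELINE_SHA256) -> Dict:
    """Combined report for one sector: parsed table plus a tamper flag."""
    info = parse_mbr(mbr)
    info["boot_code_tampered"] = info["boot_code_sha256"] != baseline_sha256
    return info


if __name__ == "__main__":
    import sys
    # Usage: python check_mbr.py disk.img   (reads only the first 512 bytes)
    with open(sys.argv[1], "rb") as f:
        print(check_first_sector(f.read(MBR_SIZE)))
```

The baseline digest has to come from a host with the same Windows build and disk layout, since legitimate boot code varies between them; comparing the partition table alone is not enough, because a bootloader replacement of this kind leaves it as it was.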

MITRE ATT&CK Enterprise v15

Tasks