General

  • Target

    Ransomware.NotPetya.zip

  • Size

    5.6MB

  • Sample

    241128-fllqcawnft

  • MD5

    bfc6e4201c71cea924ac903000375286

  • SHA1

    14acb03efe028667d5543cdcb81039dd537c77d1

  • SHA256

    823f6586a8de88aa04e5518bd9aff97f64120b98d8d4757e31a8a13ed8b87713

  • SHA512

    d20719d866c5434131ae417a935914cde3f429d9ed0ed9670c97325616cb0856d60033b9860b17252550b4ad2965e5e375f6ab5c2aa1417c821446f352b5f6c3

  • SSDEEP

    98304:Xc7gCLAzRfD/3j7X9jyFvkFhtO2/pD7pqXE3ybRBMzj9cSP6apV0tcWC1:mgeAFb/TLByFvk9HYC9iapmeWC1

Malware Config

Targets

    • Target

      ayonigga.cmd

    • Size

      49B

    • MD5

      90602be76b3fbe3b0bcf32b4370bf188

    • SHA1

      981fe308e897d3c716b38620fa643126d15b50ab

    • SHA256

      10be821ccacea04571770af6dcc7281e1f8cde1b969092bee42ef2ea813c1bc9

    • SHA512

      ac04ff0d43efb5a8291e823a8486763b071fcea355573ce9becd74f14954b2bd1c15d0fa564113dfe97f0a72726188bcd75c5883c654581020d40c0761ed820b

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Mimikatz family

      mimikatz is an open source tool to dump credentials on Windows.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks