Overview

overview

10

Static

static

5

ayonigga.cmd

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ransomware.NotPetya.zip

  • Size

    5.6MB

  • Sample

    241128-fmjmdasnhk

  • MD5

    33cc34abead8d02cb15dfffb8854c6ea

  • SHA1

    5aab943a2904f82e23b09877e549283eb895e70e

  • SHA256

    1713bce457cbe0b1c8a5a98c6cc86424ea967402af33860cbf0b42ae7a4f9059

  • SHA512

    879eb3b742a98e1674fa811fbaed6c5b00c3b3ac7f749d64beb79533fc00a13dcd113e9b48ed8ce42b72371460af15cbb89f0e1da6bfaf2dbe6acd3fe60dee6c

  • SSDEEP

    98304:Lc7zCLAzRfD/3j7X9jyFvkFhtO2/pD7pqXE3ybRBMzj9cSP6apV0tcWCd:SzeAFb/TLByFvk9HYC9iapmeWCd

Score
10/10
mimikatzbootkitdiscoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      ayonigga.cmd

    • Size

      48B

    • MD5

      c7160c2ed09e3b877a142cf616e2fee6

    • SHA1

      c99fb4a8d35306e7902c555dcf5d80297aab8877

    • SHA256

      0819669bf33c67865f28ef7a505ddc21a6a428f81be2631cbab9a67b3b0ada7f

    • SHA512

      e85147f4389786214c658f1e44c4eac8fb4a7def14ee2769b9f32067fa6ad2f1cbaea2abe28ad12e849694fa3c8f4aba994969d670edeca86c4654b15295ff75

    Score
    10/10
    mimikatzbootkitdiscoverypersistencespywarestealerupx

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Mimikatz family

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks