General

  • Target: Ransomware.NotPetya.zip

  • Size: 10.7MB

  • Sample: 241128-frm6cssqcq

  • MD5: ce31244aefcd40ae280a8cbbbafc9813

  • SHA1: e7da4d4a81c4642d700dfcc05f9f548ee29732d2

  • SHA256: 40fe066089810be5f81182670c58a8e326ab4b86362c6b63d9e8e6b982045c17

  • SHA512: fa1c70df020bcddc8775ffeb233d288cb3502e6c3bfa6fdc3b5b9f35735586b39ed76e632042d3c056627d391b278c471b179097b046759d387829521d7b70e0

  • SSDEEP: 196608:0rzXp15ZauYb1y0V9S9GYurEHpt2LVBjFLZiUXNmHFyrJz/w+quqUV7:iZ1FKTrEHCJBFLZiWmHEJz3qe7

Malware Config

Targets

    • Target: ayonigga.cmd

    • Size: 44B

    • MD5: 47890dcb8055d784b4d6a7cd40489881

    • SHA1: 1bbb3241ae64d8b5979ecfce992c181b48009c51

    • SHA256: 7c39af713d9b2983b7dbbefdbd6c0c36fffdc40bba97b7015dee2f4549510449

    • SHA512: bbe72e1fb1287a30920f6842cae2d00ab9ee31f2ffb1ee3b09c1f6db3008e81fec9ad7133ed72ae7532e0e181a4cbea8b5bbdbe66543ac932830c6ed08ea2107

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Mimikatz family
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks