General

  • Target

    99SSB_Ransomware.NotPetya.zip

  • Size

    10.7MB

  • Sample

    241128-fx73qatjam

  • MD5

    ee8f4a93c36253cf17a4321c7241e6bb

  • SHA1

    31d82d95a5c5f62441a0fa9533cf15e717507c74

  • SHA256

    b406f26f01869d54e6fc2b9e1732dc2c2f78fc0f8a21edd74b5369de0a6d50b4

  • SHA512

    6f13a4a91210e9468513113154e0ff76842a90b67108f848a5090009b8140a6f726953daf2f1c4b11c1b08176437746208d9610b527bf14fe661dd24ddd2123c

  • SSDEEP

    196608:0Fe6tL+h108THhPOEfSlDwB2NsF5vJMadM+9/28Bo1j6tH8GN1aFax:4Mm+SlDwBysPvJDtG1jpG3aFq

Malware Config

Targets

    • Target

      Ransomware.NotPetya.exe

    • Size

      366KB

    • MD5

      e5cc289b0b2b74b8e02f5a7f07867705

    • SHA1

      81a884e16a81979c7fe56e61bcfdb94f8bb937ff

    • SHA256

      6497eb7e530ccecce0bc9d8a0771221d7e980b7be875b2b3969110eb8b8f2305

    • SHA512

      4cd22f953ce44d6d960dbe2bf651ae01fc865ec45742450a24a15c6f6b48b825b7979dbf287bf87f8290344f7bf5bf69d1c1f762f2e81a27d1fe0997712a5d2f

    • SSDEEP

      6144:vLh5iWs5gArF3LDd84ESQoCGhWg2ZQkyDfTbjfyLX1WYaaGM6Btk2:vN5iWs5gZ4E6CyWgcQBzvja4YaaUtk2

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Mimikatz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      ayonigga.cmd

    • Size

      44B

    • MD5

      47890dcb8055d784b4d6a7cd40489881

    • SHA1

      1bbb3241ae64d8b5979ecfce992c181b48009c51

    • SHA256

      7c39af713d9b2983b7dbbefdbd6c0c36fffdc40bba97b7015dee2f4549510449

    • SHA512

      bbe72e1fb1287a30920f6842cae2d00ab9ee31f2ffb1ee3b09c1f6db3008e81fec9ad7133ed72ae7532e0e181a4cbea8b5bbdbe66543ac932830c6ed08ea2107

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Mimikatz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      www.exe

    • Size

      10.5MB

    • MD5

      48c751e8db4122d77c35ad934f8306b9

    • SHA1

      7434cdd1e6a6264f5e4454400cbeccbc67584189

    • SHA256

      4ce828743cb99446fb7db04f52972177af9e6df98e1b2e82755e9b504fe68bac

    • SHA512

      084a3c7d70694960c80a329f829d20d34c05fcdc9586ffbae5c1a630e4806774ce4eb33feeb3f2d469ccfef80606526682fc2d5169838ae9c91a8133f62cda5c

    • SSDEEP

      196608:Mt3x/ZKPvtubFVPOyBK13wv2obzhPuEBlWcR/piuFM+/juZuOx2Da+:CxiPSK13wvTzhXPn7Wyj4uO2D

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks