Overview

overview

10

Static

static

3

ayonigga.cmd

windows11-21h2-x64

10

ayonigga.cmd

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ransomware.NotPetya.zip

  • Size

    10.7MB

  • Sample

    241128-fxca2swrg1

  • MD5

    ee8f4a93c36253cf17a4321c7241e6bb

  • SHA1

    31d82d95a5c5f62441a0fa9533cf15e717507c74

  • SHA256

    b406f26f01869d54e6fc2b9e1732dc2c2f78fc0f8a21edd74b5369de0a6d50b4

  • SHA512

    6f13a4a91210e9468513113154e0ff76842a90b67108f848a5090009b8140a6f726953daf2f1c4b11c1b08176437746208d9610b527bf14fe661dd24ddd2123c

  • SSDEEP

    196608:0Fe6tL+h108THhPOEfSlDwB2NsF5vJMadM+9/28Bo1j6tH8GN1aFax:4Mm+SlDwBysPvJDtG1jpG3aFq

Score
10/10
mimikatzandroidbootkitdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      ayonigga.cmd

    • Size

      44B

    • MD5

      47890dcb8055d784b4d6a7cd40489881

    • SHA1

      1bbb3241ae64d8b5979ecfce992c181b48009c51

    • SHA256

      7c39af713d9b2983b7dbbefdbd6c0c36fffdc40bba97b7015dee2f4549510449

    • SHA512

      bbe72e1fb1287a30920f6842cae2d00ab9ee31f2ffb1ee3b09c1f6db3008e81fec9ad7133ed72ae7532e0e181a4cbea8b5bbdbe66543ac932830c6ed08ea2107

    Score
    10/10
    mimikatzbootkitdiscoverypersistencespywarestealer

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Mimikatz family

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks