Overview

overview

10

Static

static

1

record.ico

windows10-2004-x64

Resubmissions

20-12-2024 22:28

241220-2dz4nawmcp 10

20-12-2024 22:06

241220-1z443awjgq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    record.ico

  • Size

    4KB

  • Sample

    241220-2dz4nawmcp

  • MD5

    1111e06679f96ff28c1e229b06ce7b41

  • SHA1

    9fe5a6c6014b561060a640d0db02a303a35b8832

  • SHA256

    59d5e9106e907fa61a560294a51c14abcde024fdd690e41a7f4d6c88db7287a6

  • SHA512

    077aff77bbf827b9920cf53dff38427475e590c07ab8901fc34ce7b7fb9e9409207e53aff06fa7d1e3984bcf127507d0fc19284d8e7203c76d67c9b98c1c8f37

  • SSDEEP

    48:+8Zjqe+hlcUmCmXGyGC0Uh/2Zr4gvtfyocfR1/mrlR:54Fchp0CuZv44L

Score
10/10
discoveryevasionexecutionransomwaretrojan

Malware Config

Targets

    • Target

      record.ico

    • Size

      4KB

    • MD5

      1111e06679f96ff28c1e229b06ce7b41

    • SHA1

      9fe5a6c6014b561060a640d0db02a303a35b8832

    • SHA256

      59d5e9106e907fa61a560294a51c14abcde024fdd690e41a7f4d6c88db7287a6

    • SHA512

      077aff77bbf827b9920cf53dff38427475e590c07ab8901fc34ce7b7fb9e9409207e53aff06fa7d1e3984bcf127507d0fc19284d8e7203c76d67c9b98c1c8f37

    • SSDEEP

      48:+8Zjqe+hlcUmCmXGyGC0Uh/2Zr4gvtfyocfR1/mrlR:54Fchp0CuZv44L

    Score
    10/10
    discoveryevasionexecutionransomwaretrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks