55a75b5bc90a6fc8157c3d0917c6ce2a48da17e11f37c50b760838bbd33f1dad

General

Target

main.exe
Size

39.3MB
Sample

241227-zhqpnszjft
MD5

f5fd0f1f03882b4229ab0738d6416a89
SHA1

0c1d83facbb85ea52330009681d59307c7ee7909
SHA256

55a75b5bc90a6fc8157c3d0917c6ce2a48da17e11f37c50b760838bbd33f1dad
SHA512

58899188320a8890c78023c20b81b659544af4fee70fb3c37735be72671de544bb03730dd6c7c7bdf0a908e94aafceb6153b7987eee511ca52e9d7bd1176c654
SSDEEP

786432:c9YidhvMkqW8rK1QtICrhHJ5da8DZcUThl8nsx6fg0ndX22/m+npsj7VJsXWB1:c9JbqW9iICrhDI61A64g0dBpYJJj

Score

10^/10

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  39.3MB
- MD5
  
  f5fd0f1f03882b4229ab0738d6416a89
- SHA1
  
  0c1d83facbb85ea52330009681d59307c7ee7909
- SHA256
  
  55a75b5bc90a6fc8157c3d0917c6ce2a48da17e11f37c50b760838bbd33f1dad
- SHA512
  
  58899188320a8890c78023c20b81b659544af4fee70fb3c37735be72671de544bb03730dd6c7c7bdf0a908e94aafceb6153b7987eee511ca52e9d7bd1176c654
- SSDEEP
  
  786432:c9YidhvMkqW8rK1QtICrhHJ5da8DZcUThl8nsx6fg0ndX22/m+npsj7VJsXWB1:c9JbqW9iICrhDI61A64g0dBpYJJj
Score

10^/10

defense_evasion discovery evasion execution exploit impact persistence privilege_escalation pyinstaller ransomware spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1