974cb763c5670a8c187c5e7108964741b8c59590ac35f3bdccb2e069e2ec7506 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Lose2himatoV2.exe

windows10-2004-x64

9

Sharing

General

Target

Lose2himatoV2.exe
Size

138.5MB
Sample

250102-sjvxfswlfx
MD5

b13b58171063faf469d7cffd178644a6
SHA1

0cc178b5db25710be4181e0f15b70ca8c3049ef2
SHA256

974cb763c5670a8c187c5e7108964741b8c59590ac35f3bdccb2e069e2ec7506
SHA512

511d96d59fc5646aead6f0bf16ecbe9f9e1ab60e05954b02d2b53c7686df2ccfe85374388fc5aece04e50bd37ff3411319c7107d52cc33c3af819fb47ab570e3
SSDEEP

786432:Y93oFjO6NbbB6uTE/kbsV0jmB/gWD4otJ0njnEMIQAhpLoMS/QVQfmLh0VPdTtLH:Y9SjOsbbUng40ihpEX/QVQfmLmxHXutU

Score

9^/10

paypal defense_evasion discovery evasion phishing ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Lose2himatoV2.exe

Resource

win10v2004-20241007-en

paypal defense_evasion discovery evasion phishing ransomware

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Lose2himatoV2.exe
- Size
  
  138.5MB
- MD5
  
  b13b58171063faf469d7cffd178644a6
- SHA1
  
  0cc178b5db25710be4181e0f15b70ca8c3049ef2
- SHA256
  
  974cb763c5670a8c187c5e7108964741b8c59590ac35f3bdccb2e069e2ec7506
- SHA512
  
  511d96d59fc5646aead6f0bf16ecbe9f9e1ab60e05954b02d2b53c7686df2ccfe85374388fc5aece04e50bd37ff3411319c7107d52cc33c3af819fb47ab570e3
- SSDEEP
  
  786432:Y93oFjO6NbbB6uTE/kbsV0jmB/gWD4otJ0njnEMIQAhpLoMS/QVQfmLh0VPdTtLH:Y9SjOsbbUng40ihpEX/QVQfmLmxHXutU
Score

9^/10

paypal defense_evasion discovery evasion phishing ransomware
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Disables Task Manager via registry modification
  evasion
- Indicator Removal: Network Share Connection Removal
  Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand PAYPAL.
  phishing paypal
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

Privilege Escalation

Account Manipulation

Defense Evasion

Indicator Removal

Network Share Connection Removal

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Permission Groups Discovery

Local Groups

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

paypaldefense_evasiondiscoveryevasionphishingransomware

© 2018-2025

Terms | Privacy