Overview

overview

10

Static

static

10

The-MALWAR...er.zip

windows7-x64

10

The-MALWAR...er.zip

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    The-MALWARE-Repo-master.zip

  • Size

    63.3MB

  • Sample

    250118-shr46swmgx

  • MD5

    59cb533617e10ca74e8735ff41e5b823

  • SHA1

    644468d5d6d8fab98268e219e8f2ce518b655ff4

  • SHA256

    7ff2c3acbb884ead411c8b9f0df5b0ca5038333bdf872cb37d5e7eec4ac96b6f

  • SHA512

    9b7e28bde79886ff479110b43380e73c4d1a95c547947abbb1825ed4f5078d3060a4390bf1dcead1d593abe0c0167c396e0aa47b3231eb577737c8c93efbe50b

  • SSDEEP

    1572864:1bR+Nd33aius1Ckqujkhpgz2L9HBlHYSZ95hPfqL55r/XKAM:1ANl3aFs1C4SA2hlHf9Rfi5xjM

Score
10/10
chimerafloxifmydoombackdoorbootkitdiscoverymacromacro_on_actionpersistenceransomwarespywarestealertrojanupx

Malware Config

Targets

    • Target

      The-MALWARE-Repo-master.zip

    • Size

      63.3MB

    • MD5

      59cb533617e10ca74e8735ff41e5b823

    • SHA1

      644468d5d6d8fab98268e219e8f2ce518b655ff4

    • SHA256

      7ff2c3acbb884ead411c8b9f0df5b0ca5038333bdf872cb37d5e7eec4ac96b6f

    • SHA512

      9b7e28bde79886ff479110b43380e73c4d1a95c547947abbb1825ed4f5078d3060a4390bf1dcead1d593abe0c0167c396e0aa47b3231eb577737c8c93efbe50b

    • SSDEEP

      1572864:1bR+Nd33aius1Ckqujkhpgz2L9HBlHYSZ95hPfqL55r/XKAM:1ANl3aFs1C4SA2hlHf9Rfi5xjM

    Score
    10/10
    chimeradiscoverypersistenceransomwarespywarestealerfloxifbackdoorbootkittrojanupx

    • Chimera

      Ransomware which infects local and network files, often distributed via Dropbox links.

      ransomwarechimera

    • Chimera Ransomware Loader DLL

      Drops/unpacks executable file which resembles Chimera's Loader.dll.

      ransomware

    • Chimera family

      chimera

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Renames multiple (2006) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks