Overview

overview

10

Static

static

3

027cc450ef...d9.dll

windows7-x64

10

027cc450ef...d9.dll

windows10-2004-x64

10

svchost.exe

windows7-x64

svchost.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ransomware.Petrwrap.zip

  • Size

    1.1MB

  • Sample

    250210-y5c7eswpcl

  • MD5

    6884a35803f2e795fa4b121f636332b4

  • SHA1

    527bfbf4436f9cce804152200c4808365e6ba8f9

  • SHA256

    cf01329c0463865422caa595de325e5fe3f7fba44aabebaae11a6adfeb78b91c

  • SHA512

    262732a9203e2f3593d45a9b26a1a03cc185a20cf28fad3505e257b960664983d2e4f2b19b9ff743015310bf593810bd049eb03d0fd8912a6d54de739742de60

  • SSDEEP

    24576:XtZfUANeQHLqNZ2rl5zkFGPI/9+4C/BGq/Om00pN5m:XtZc+trnHkxVqQqm

Score
10/10
mimikatzbootkitdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      027cc450ef5f8c5f653329641ec1fed9.exe

    • Size

      353KB

    • MD5

      71b6a493388e7d0b40c83ce903bc6b04

    • SHA1

      34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d

    • SHA256

      027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

    • SHA512

      072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f

    • SSDEEP

      6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG

    Score
    10/10
    mimikatzbootkitdiscoverypersistencespywarestealer

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Mimikatz family

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      svchost.exe

    • Size

      704KB

    • MD5

      d2ec63b63e88ece47fbaab1ca22da1ef

    • SHA1

      dd52fcc042a44a2af9e43c15a8e520b54128cdc8

    • SHA256

      e5c643f1d8ecc0fd739d0bbe4a1c6c7de2601d86ab0fff74fd89c40908654be5

    • SHA512

      89d9e63d5f3b34be3d25317933031815a42c039fbee30ce8c86f8b1b7c6ca9ccfc8731da99b9246381a2c05a95ada423f4944ff72111eb0451a44e9dcb3e053e

    • SSDEEP

      12288:rue4X2Uz0DsetgxLdsCHvX8XYJWs6XS1bFLDw1P86jZpMV7uikFg:v+2UzSgxLdsCHmQb6XSbFLDs06jZulus

    Score
    7/10

    • Drops startup file

    • Drops desktop.ini file(s)

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks