General
-
Target
2025-03-14_b66ef055f69d2d1a1d8a6f7128cc34a4_revil
-
Size
92KB
-
Sample
250314-pz49aatrv9
-
MD5
b66ef055f69d2d1a1d8a6f7128cc34a4
-
SHA1
b0bdbebb93abe1c437d9b8f243368ca0de74603a
-
SHA256
c7d0fa4e911df7241f9385a109ad4814d10fb640bb8151e7d1abeec1065bcacd
-
SHA512
c052dd76b90cad8b5d40409d00ef41d3e75439edab7e6cb79d60ec98bd17af172e4e56fa031bf1cd5256d7baa0f6ea13648044da641df90e992f36432fe0d64a
-
SSDEEP
1536:Y73nkB0DyMgQSm9NwcKzwpR+7JICS4ABwZ/gsZujGC:c/hKzstg5gs2
Behavioral task
behavioral1
Sample
2025-03-14_b66ef055f69d2d1a1d8a6f7128cc34a4_revil.exe
Resource
win11-20250217-en
Malware Config
Extracted
C:\Users\r6cx9989a6-readme.txt
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A9CC7C529A4ECA4B
Targets
-
-
Target
2025-03-14_b66ef055f69d2d1a1d8a6f7128cc34a4_revil
-
Size
92KB
-
MD5
b66ef055f69d2d1a1d8a6f7128cc34a4
-
SHA1
b0bdbebb93abe1c437d9b8f243368ca0de74603a
-
SHA256
c7d0fa4e911df7241f9385a109ad4814d10fb640bb8151e7d1abeec1065bcacd
-
SHA512
c052dd76b90cad8b5d40409d00ef41d3e75439edab7e6cb79d60ec98bd17af172e4e56fa031bf1cd5256d7baa0f6ea13648044da641df90e992f36432fe0d64a
-
SSDEEP
1536:Y73nkB0DyMgQSm9NwcKzwpR+7JICS4ABwZ/gsZujGC:c/hKzstg5gs2
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1