Overview

overview

10

Static

static

1

image_2025...78.png

windows7-x64

3

image_2025...78.png

windows10-2004-x64

Resubmissions

28/03/2025, 20:43

250328-zhwwpasqx4 10

28/03/2025, 20:40

250328-zgc27a1vh1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    image_2025-03-28_204056178.png

  • Size

    7KB

  • Sample

    250328-zgc27a1vh1

  • MD5

    daf0a316fba7e913fe8305e4c8a53205

  • SHA1

    0556975b72209b8067fd5b09ae21fa9c1bade785

  • SHA256

    fe1fd2bb77618fa06e548283188cf3696acc9dd2d8a4c3f4e03560f3dddc3103

  • SHA512

    e6fdaa9709f1a5a2a28eedeff4934f6060086f5eb60d4c9d576957c52d2c64fa43f475d44ceeb42cd5138a6dcafdadfef273817da1b19a3ab21e8ba1316f8f6e

  • SSDEEP

    96:X2fEYr0GPuMnGuwrwfHYF9scngjmij+cf1uq9cy+Sxwn2xcViPvcGcos2P/sIZw+:mEazpG/Ok9Xg0y9C2XzPjP/ccVas3Hwc

Score
10/10
defense_evasiondiscoverypersistenceransomwaretrojan

Malware Config

Targets

    • Target

      image_2025-03-28_204056178.png

    • Size

      7KB

    • MD5

      daf0a316fba7e913fe8305e4c8a53205

    • SHA1

      0556975b72209b8067fd5b09ae21fa9c1bade785

    • SHA256

      fe1fd2bb77618fa06e548283188cf3696acc9dd2d8a4c3f4e03560f3dddc3103

    • SHA512

      e6fdaa9709f1a5a2a28eedeff4934f6060086f5eb60d4c9d576957c52d2c64fa43f475d44ceeb42cd5138a6dcafdadfef273817da1b19a3ab21e8ba1316f8f6e

    • SSDEEP

      96:X2fEYr0GPuMnGuwrwfHYF9scngjmij+cf1uq9cy+Sxwn2xcViPvcGcos2P/sIZw+:mEazpG/Ok9Xg0y9C2XzPjP/ccVas3Hwc

    Score
    10/10
    defense_evasiondiscoverypersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      defense_evasiontrojan

    • Disables RegEdit via registry modification

      defense_evasion

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

4
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Tasks