Overview

overview

9

Static

static

satan_1.0....ir.exe

windows7_x64

9

satan_1.0....ir.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    satan_1.0.0.14.vir

  • Size

    184KB

  • Sample

    200719-1fbvthxk1j

  • MD5

    802e683af9dae89d568acaab6715ce6c

  • SHA1

    66777253c5d7691b409ba23e587fd530dd3b9291

  • SHA256

    5036daccd356ba9794957dc02668b903e2779eb2865aa2cf6605c8cb9f639da6

  • SHA512

    da73219d332dfbd15a862511ce9746d9286fe18dc526e6e9545bedddeb035be218a5b3393b5ff68e247faef0254b05b2b73df72a076ee344dd44e5b93bcfefc9

Score
9/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      satan_1.0.0.14.vir

    • Size

      184KB

    • MD5

      802e683af9dae89d568acaab6715ce6c

    • SHA1

      66777253c5d7691b409ba23e587fd530dd3b9291

    • SHA256

      5036daccd356ba9794957dc02668b903e2779eb2865aa2cf6605c8cb9f639da6

    • SHA512

      da73219d332dfbd15a862511ce9746d9286fe18dc526e6e9545bedddeb035be218a5b3393b5ff68e247faef0254b05b2b73df72a076ee344dd44e5b93bcfefc9

    Score
    9/10
    ransomwarepersistenceevasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Modifies service

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks