19d32c1fc7c6fa9a5924aeb6ce69d8e5211c3e458eb51178171e0c75f129c48a | Triage

Submit
Reports

Overview

overview

8

Static

static

8

uncategori...ir.exe

windows7_x64

8

uncategori...ir.exe

windows10_x64

5

Sharing

General

Target

uncategorized_9.0.0.2.vir
Size

224KB
Sample

200719-w9rxrn1sye
MD5

3706da30e1fc51212ae95aff2fae57ad
SHA1

72029dca348d3fa4faa43d9999fa1b744bb559cd
SHA256

19d32c1fc7c6fa9a5924aeb6ce69d8e5211c3e458eb51178171e0c75f129c48a
SHA512

0d8ae837a6e0a0f9ad582fb94b5a997d30066194f8428e77bdfa2cbe2669dbaa3784752ea41e354c9806bde1792392d930c0d365522f4f0cc762595e00b16897

Score

8^/10

bootkit persistence ransomware spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

uncategorized_9.0.0.2.vir.exe

Resource

win7

ransomware bootkit persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

uncategorized_9.0.0.2.vir.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  uncategorized_9.0.0.2.vir
- Size
  
  224KB
- MD5
  
  3706da30e1fc51212ae95aff2fae57ad
- SHA1
  
  72029dca348d3fa4faa43d9999fa1b744bb559cd
- SHA256
  
  19d32c1fc7c6fa9a5924aeb6ce69d8e5211c3e458eb51178171e0c75f129c48a
- SHA512
  
  0d8ae837a6e0a0f9ad582fb94b5a997d30066194f8428e77bdfa2cbe2669dbaa3784752ea41e354c9806bde1792392d930c0d365522f4f0cc762595e00b16897
Score

8^/10

ransomware bootkit persistence spyware
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwarebootkitpersistencespyware

behavioral2

© 2018-2024

Terms | Privacy