Overview

overview

10

Static

static

SecuriteIn...70.exe

windows7_x64

10

SecuriteIn...70.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.StartPage1.57542.6255.20970

  • Size

    110KB

  • Sample

    200801-jx67lrl7w2

  • MD5

    3af1d421410a6e528c93384a25437956

  • SHA1

    db52c58a5791865071b17ec7403b8ac9bb9abb66

  • SHA256

    0f6166d9b707f8610c81b7068962611e25cdef8db665b10343179d82131ef0a3

  • SHA512

    7aa68ef3f9d4b4a5e38a04c35aef1579b95cc3f0d221e900cf59564e9366fc19aacc0896d7034c6b084234614b8810782b5cb99be07396cc1179b960a4f5e3a9

Score
10/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.StartPage1.57542.6255.20970

    • Size

      110KB

    • MD5

      3af1d421410a6e528c93384a25437956

    • SHA1

      db52c58a5791865071b17ec7403b8ac9bb9abb66

    • SHA256

      0f6166d9b707f8610c81b7068962611e25cdef8db665b10343179d82131ef0a3

    • SHA512

      7aa68ef3f9d4b4a5e38a04c35aef1579b95cc3f0d221e900cf59564e9366fc19aacc0896d7034c6b084234614b8810782b5cb99be07396cc1179b960a4f5e3a9

    Score
    10/10
    ransomwarepersistenceevasion

    • Modifies security service

      evasion

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

File Deletion

2
T1107

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks