- CBTLocker Static | Dynamic Analysis. Bitdefender detection: Trojan.Ransom.Dalexis.B
- VirusTotal link: https://www.virustotal.com/en/file/373bd88a5c6a36e984a3da988dfe0ea603fae3b1fd4cc38abf0304ce9fa91adc/analysis/
- Ask for the sample on Twitter: @Inr00twetrust
- Filename: hurled.scr
- Size: 29KiB (29696 bytes)
- Type: PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture: 32 Bit
- MD5: 8d99918878198b8a85e90af4a06291f0
- SHA1: 6259e573ff34e89315900cae294f7bfc3e770b7d
- SHA256: 373bd88a5c6a36e984a3da988dfe0ea603fae3b1fd4cc38abf0304ce9fa91adc
- Installation/Persistence
- Monitors specific registry keys for changes
- Details
- "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1)
- "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1)
- "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32" (Filter: 4)
- "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\Root" (Filter: 5, Subtree: 1)
- "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT" (Filter: 5, Subtree: 1)
- "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot" (Filter: 5, Subtree: 1)
- "\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates" (Filter: 5, Subtree: 1)
- "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT" (Filter: 5, Subtree: 1)
- "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1)
- "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1)
- VM Detection
- Reads the cryptographic machine GUID
- "8050000.exe" (Path: "\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY", Key: "MACHINEGUID")
- Source: based on registry access
- Policy Settings
- Access: "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"
- Access: "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"
- Access: "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"
- Access: "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"
- Access: "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"
- Access: "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"
- Access: "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"
- Access: "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"
- Access: "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"
- Access: "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"
- Contacts servers
- Details
- "213.186.33.150"
- "188.93.8.7"
- "213.186.33.19"
- DNS Requests

| Domain | Address | Country |
|---|---|---|
| breteau-photographe.com | 213.186.33.150 | France |
| voigt-its.de | 188.93.8.7 | Germany |
| maisondessources.com | 213.186.33.19 | France |

- Contacted Hosts

| Host Address | Host Port | Host Protocol | Host Country |
|---|---|---|---|
| 213.186.33.150 | 443 | TCP | France |
| 188.93.8.7 | 443 | TCP | Germany |
| 213.186.33.19 | 443 | TCP | France |