API tools faq
paste
Advertisement
Guest User

Claudia

a guest
Jan 28th, 2015
223
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.38 KB | None | 0 0
raw download clone embed print report diff
  1.  
  2. CBTLocker Static | Dinamic Analisys Bitdefender:Trojan.Ransom.Dalexis.B
  3. VirusTotal Link: https://www.virustotal.com/en/file/373bd88a5c6a36e984a3da988dfe0ea603fae3b1fd4cc38abf0304ce9fa91adc/analysis/
  4.  
  5. Ask for sample on Twitter @Inr00twetrust
  6.  
  7. Filename
  8. hurled.scr
  9. Size
  10. 29KiB (29696 bytes)
  11. Type
  12. PE32 executable (GUI) Intel 80386, for MS Windows
  13. Architecture
  14. 32 Bit
  15. MD5
  16. 8d99918878198b8a85e90af4a06291f0
  17. SHA1
  18. 6259e573ff34e89315900cae294f7bfc3e770b7d
  19. SHA256
  20. 373bd88a5c6a36e984a3da988dfe0ea603fae3b1fd4cc38abf0304ce9fa91adc
  21.  
  22. Installation/Persistance
  23. specific registry key for changes
  24. details
  25. "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1)
  26. "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1)
  27. "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32" (Filter: 4)
  28. "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\Root" (Filter: 5, Subtree: 1)
  29. "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT" (Filter: 5, Subtree: 1)
  30. "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot" (Filter: 5, Subtree: 1)
  31. "\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates" (Filter: 5, Subtree: 1)
  32. "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT" (Filter: 5, Subtree: 1)
  33. "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1)
  34. "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1)
  35.  
  36. VM Detection
  37. cryptographic machine GUID
  38. "8050000.exe" (Path: "\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY", Key: "MACHINEGUID")
  39. source
  40. Based on Registry Access
  41.  
  42. Policy Settings
  43.  
  44. "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
  45. "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
  46. "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
  47. "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
  48. "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
  49. "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
  50. "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
  51. "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
  52. "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
  53. "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
  54.  
  55. Contacts server
  56. details
  57. "213.186.33.150"
  58. "188.93.8.7"
  59. "213.186.33.19"
  60.  
  61.  
  62. DNS Requests
  63. Domain Address Country
  64. breteau-photographe.com 213.186.33.150 France
  65. voigt-its.de 188.93.8.7 Germany
  66. maisondessources.com 213.186.33.19 France
  67.  
  68. Contacted Hosts
  69. Host Address Host Port Host Protocol Host Country
  70. 213.186.33.150 443 TCP France
  71. 188.93.8.7 443 TCP Germany
  72. 213.186.33.19 443 TCP France
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!