Scarab ransomware: new variant changes tactics | Malwarebytes Labs
Common Information
Type Value
UUID 69ec3ada-a126-440a-b758-73764e7b03d1
Fingerprint 25309843252187c5
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 31, 2018, midnight
Added to db Jan. 18, 2023, 8:35 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Scarab ransomware: new variant changes tactics
Title Scarab ransomware: new variant changes tactics | Malwarebytes Labs
Detected Hints/Tags/Attributes 57/3/42
Attributes