Automatic Gobfuscator Deobfuscation with EKANS Ransomware
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 8b717897-2b9d-4fdb-a05b-7546b09f67ba |
| Fingerprint | 9e02ba13287d2218 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 17, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Automatic Gobfuscator Deobfuscation with EKANS Ransomware |
| Title | Automatic Gobfuscator Deobfuscation with EKANS Ransomware |
| Detected Hints/Tags/Attributes | 36/1/18 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.goggleheadedhacker.com/blog/post/22 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 38 | ntdetect.com |
|
| Details | Domain | 24 | ctemplar.com |
|
| Details | 4 | bapcocrypt@ctemplar.com |
||
| Details | File | 196 | desktop.ini |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 66 | ntuser.ini |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 28 | usrclass.dat |
|
| Details | File | 3 | usrclass.dat.log |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 90 | bootfont.bin |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 63 | ctfmon.exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 4 | fix-your-files.txt |
|
| Details | Github username | 4 | unixpickle |