From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Common Information
Type Value
UUID a34e9bf1-4f6a-43e0-95e3-0b624a339433
Fingerprint b602e0f11435b65f
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 15, 2022, midnight
Added to db Oct. 24, 2023, 1:38 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Title From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Detected Hints/Tags/Attributes 83/3/73
Attributes
Type #Events CTI Value
File 3 consoleapp2.exe
File 1 %appdata%\local\discord.exe
File 12 cleanmgr.exe
File 1 wgmhhfhnkiczpunfqaa8cx4kqwvcrg.exe
File 13 start.exe
File 1 c:\slam_mbr_builder\start.exe
File 1 mbrcs.exe
File 16 builder.exe
IPv4 1441 127.0.0.1
MITRE ATT&CK Techniques 9 T1542.003
MITRE ATT&CK Techniques 310 T1047
MITRE ATT&CK Techniques 380 T1547.001
MITRE ATT&CK Techniques 66 T1564.003
MITRE ATT&CK Techniques 550 T1112
MITRE ATT&CK Techniques 276 T1490
MITRE ATT&CK Techniques 472 T1486
MITRE ATT&CK Techniques 30 T1491.001
MITRE ATT&CK Techniques 585 T1083
MITRE ATT&CK Techniques 534 T1005
MITRE ATT&CK Techniques 7 T0809
Pdb 1 c:\slam_mbr_builder\mbroverwriter\mbrcs\obj\debug\mbrcs.pdb
Pdb 1 c:\slam_ransomware_builder\consoleapp2\consoleapp2\obj\debug\consoleapp2.pdb
Pdb 1 c:\users\amdga\desktop\uacme-master\source\akagi\output\win32\debug\akagi.pdb
Pdb 1 i386.pdb
Pdb 1 c:\slam_ransomware_builder\uac\consoleapp2\obj\debug\consoleapp2.pdb
Pdb 1 c:\users\amdga\source\repos\conect\conect\obj\debug\conect.pdb
Pdb 1 c:\users\ander\source\repos\slam ransomware builder\slam ransomware builder\obj\debug\slam ransomware builder.pdb