BlueCrab Ransomware's Continuous Attempts to Bypass Detection - ASEC BLOG
Common Information
Type Value
UUID b93b568c-bdd5-400b-bc3c-8504587f8b58
Fingerprint 2f3cc071a4e29683
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 3, 2021, 12:30 p.m.
Added to db Sept. 11, 2022, 4:59 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline BlueCrab Ransomware’s Continuous Attempts to Bypass Detection
Title BlueCrab Ransomware's Continuous Attempts to Bypass Detection - ASEC BLOG
Detected Hints/Tags/Attributes 56/1/18
Source URLs
Attributes
Type #Events CTI Value
File 16 check.php
File 61 search.php
File 49 info.php
File 26 forum.php
File 376 wscript.exe
File 1208 powershell.exe
File 2126 cmd.exe
File 409 c:\windows\system32\cmd.exe
File 380 notepad.exe
File 155 cscript.exe
File 76 ping.exe
File 22 find.exe
File 21 write.exe
File 81 werfault.exe
File 2 db.bat
File 1018 rundll32.exe
File 12 cleanmgr.exe
File 2 12xrr+readme.txt