e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537 | Triage

Sharing

General

Target

e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537
Size

752KB
Sample

191028-1w9b61jzc2
MD5

deed16eadb1a270dfc54daf84f53aad6
SHA1

cfa00beec23e1221ec6197abe887ef51ca0722d8
SHA256

e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537
SHA512

7339177ceef2adfb79455ef88c0d9e88c763b1a17704b14e10767d27289123dbe10e15ad48500f2617ffe4398e9b0133debe2b3e2769ed463110cde411bd2d4c

Score

9^/10

Malware Config

Targets

- Target
  
  e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537
- Size
  
  752KB
- MD5
  
  deed16eadb1a270dfc54daf84f53aad6
- SHA1
  
  cfa00beec23e1221ec6197abe887ef51ca0722d8
- SHA256
  
  e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537
- SHA512
  
  7339177ceef2adfb79455ef88c0d9e88c763b1a17704b14e10767d27289123dbe10e15ad48500f2617ffe4398e9b0133debe2b3e2769ed463110cde411bd2d4c
Score

9^/10
- Deletes shadow copies
  ransomware
- Deletes itself
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Drops Office document
  dropper exploiter maldoc
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

task1

task2