maze | b345697c16f84d3775924dc17847fa3ff61579ee793a95248e9c4964da586dd1 | Triage

Sharing

General

Target

b345697c16f84d3775924dc17847fa3ff61579ee793a95248e9c4964da586dd1.bin
Size

1.1MB
Sample

200220-rgh4rfmd9e
MD5

bd9838d84fd77205011e8b0c2bd711e0
SHA1

c5938ec75e5b655be84eb94d73adec0f63fbce16
SHA256

b345697c16f84d3775924dc17847fa3ff61579ee793a95248e9c4964da586dd1
SHA512

f1720e786f26f735956890b52ef913165b09661116becaaf7817ec757d56096d9a2c66a5bbfbc7b9a11791c145734f484de294fcb5b8c917e3837e48ded4df05

Score

10^/10

maze persistence ransomware trojan

Malware Config

Targets

- Target
  
  b345697c16f84d3775924dc17847fa3ff61579ee793a95248e9c4964da586dd1.bin
- Size
  
  1.1MB
- MD5
  
  bd9838d84fd77205011e8b0c2bd711e0
- SHA1
  
  c5938ec75e5b655be84eb94d73adec0f63fbce16
- SHA256
  
  b345697c16f84d3775924dc17847fa3ff61579ee793a95248e9c4964da586dd1
- SHA512
  
  f1720e786f26f735956890b52ef913165b09661116becaaf7817ec757d56096d9a2c66a5bbfbc7b9a11791c145734f484de294fcb5b8c917e3837e48ded4df05
Score

10^/10

persistence trojan ransomware maze
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

persistencetrojanransomwaremaze

behavioral2

persistencetrojanransomwaremaze