352f20fc1f8b8354ab0f610f5fdb66c11e24d56ba92f323df35200a0939ba674 | Triage

Sharing

General

Target

TRDKXFp3.bat
Size

197B
Sample

200402-95haj95jqj
MD5

9727c80f12d3336f330b3688e052968e
SHA1

a20e98c967b46f66b2c7ebb51739ea41636b7f79
SHA256

352f20fc1f8b8354ab0f610f5fdb66c11e24d56ba92f323df35200a0939ba674
SHA512

faf8e17c7858c3163621f74dc918b491b591c9f99c9351d904b4653be79148e9495ad07e94f82a56506e132fbb4b256fdd36b1da0659fad778ef36369ee12bd6

Score

10^/10

evasion persistence ransomware spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://185.103.242.78/pastes/TRDKXFp3

Targets

- Target
  
  TRDKXFp3.bat
- Size
  
  197B
- MD5
  
  9727c80f12d3336f330b3688e052968e
- SHA1
  
  a20e98c967b46f66b2c7ebb51739ea41636b7f79
- SHA256
  
  352f20fc1f8b8354ab0f610f5fdb66c11e24d56ba92f323df35200a0939ba674
- SHA512
  
  faf8e17c7858c3163621f74dc918b491b591c9f99c9351d904b4653be79148e9495ad07e94f82a56506e132fbb4b256fdd36b1da0659fad778ef36369ee12bd6
Score

10^/10

persistence ransomware evasion spyware trojan
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies system certificate store
  evasion spyware trojan
- Drops file in System32 directory
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomwareevasionspywaretrojan

behavioral2