maze | a8ee878393898f17180c353ce59f099687cb43fc279614ba10a0829711f4158c | Triage

Sharing

General

Target

maze.zip
Size

425KB
Sample

200420-gjemc12fts
MD5

63dfe3027508bf1643297633b2f162c0
SHA1

cd176718f6b8550e538fa76cfed66368d5c9b7b2
SHA256

a8ee878393898f17180c353ce59f099687cb43fc279614ba10a0829711f4158c
SHA512

9f496be083a47a413d05ce3ebd7cc4199bfb431be85ccc1b53929a9840cc3a276b9ff1d77e53b3e3ec49a79dffd7220ac9305345c7f0a05419cee10063b476d1

Score

10^/10

maze persistence ransomware trojan

Malware Config

Targets

- Target
  
  launch.bat
- Size
  
  68B
- MD5
  
  fc9df43a0e518e46173810698bb61f2b
- SHA1
  
  d349c3a95356d0f97707b79495753bd03653f629
- SHA256
  
  d74870a0ba0e9cc7388bef1b4de9c09f6316a9ccf8e3191cdf6809e8032873ad
- SHA512
  
  84fec80449e9b5b1ddb150f6bda64b79435a38111273ab57e92a4ceeaa44c4c320eb9e02cc5384dbf281e52c936b14602826c54c8999e9df23cfe7e5800293d0
Score

10^/10

persistence trojan ransomware maze
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

persistencetrojanransomwaremaze

behavioral2

ransomwarepersistencetrojanmaze