7eda4a7aad48e8c17fcc5f06f4977fe541af3bac0a666835323873e6a06cec51 | Triage

Sharing

General

Target

4f4dbd505348c33b9435351252aeddba1199df72011e4f83a643790d02231906.zip
Size

503KB
Sample

200625-pgnfjwwv2x
MD5

a5a010f5cd8fecbe165ddaea61c00509
SHA1

24a5a57062ed98afe2f4c11c49979fc337ce2895
SHA256

7eda4a7aad48e8c17fcc5f06f4977fe541af3bac0a666835323873e6a06cec51
SHA512

4b718bf13a785bc816ba3e92fee5505be85f8b65487b54c5e9e558fb5802aa95c912604393c61b0c5dfb13c12b20fd710c10aa4a4c83080ffda4139821b36b6e

Score

10^/10

persistence ransomware

Malware Config

Extracted

Path

C:\Users\Admin\ReadmeCrypto.txt

Ransom Note

baraka team your files are encrypted to recover them back contact us on pinkiwinki78@mail.ru

Emails

pinkiwinki78@mail.ru

Targets

- Target
  
  4f4dbd505348c33b9435351252aeddba1199df72011e4f83a643790d02231906
- Size
  
  936KB
- MD5
  
  6cdd7ca85e3828897d6e39b1ab93e6a2
- SHA1
  
  b3879d8d6f937d0aabf4660be207e9aabe965397
- SHA256
  
  4f4dbd505348c33b9435351252aeddba1199df72011e4f83a643790d02231906
- SHA512
  
  8df354a2024b2a047de5fe50437a6842066626953a0740ad1810b10f619266de1fece6d431a0cbb7ecfa300cc4529dd98da77e8a11d0aceedba67d1294a31984
Score

10^/10

ransomware persistence
- Adds Run entry to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

ransomwarepersistence

behavioral2

ransomwarepersistence