7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335 | Triage

Sharing

General

Target

tspm.bin
Size

1.1MB
Sample

200707-c6754rh4dx
MD5

a4fac8df05ee106a9f658b9bb4f90d05
SHA1

8d02ab35f57f4a98679935c7fd6d20e5ceef585a
SHA256

7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335
SHA512

c3d2c2f33637fed7b410ef15dce824ba21103fa970163a10759b1089e4814c0d22e7e22f5954ff7d08dd087ead822f7c8783a47ce1bd01d244728b3fb61f5bf7

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  tspm.bin
- Size
  
  1.1MB
- MD5
  
  a4fac8df05ee106a9f658b9bb4f90d05
- SHA1
  
  8d02ab35f57f4a98679935c7fd6d20e5ceef585a
- SHA256
  
  7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335
- SHA512
  
  c3d2c2f33637fed7b410ef15dce824ba21103fa970163a10759b1089e4814c0d22e7e22f5954ff7d08dd087ead822f7c8783a47ce1bd01d244728b3fb61f5bf7
Score

10^/10

evasion trojan persistence ransomware
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

File Deletion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasiontrojanpersistenceransomware

behavioral2

evasiontrojanransomwarepersistence