aab77d3b1891b93b6fd235cb023127c2b34365026057bb0200b714f9483cab80 | Triage

Sharing

General

Target

svchost.bin.zip
Size

308KB
Sample

200721-59p4zyvljj
MD5

4e34fb7985fc2d1d4b24cf8a0499ab92
SHA1

823c2353e00e375f972894674f98da2ba5f44326
SHA256

aab77d3b1891b93b6fd235cb023127c2b34365026057bb0200b714f9483cab80
SHA512

90274837c4985da35feb91c610db278fea78b401b7f5a4c8f85cfcc8b52d796eb45d33e7613dffcb068b6d8bf51ca14bd668f7b4541aa45abaf4805f5cebfe55

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  svchost.bin
- Size
  
  312KB
- MD5
  
  fbd82a5f5bfe23872fad17cf62c41a6e
- SHA1
  
  03dff661da8207517fc4cb3c0809e8c0fe7f76fa
- SHA256
  
  a1b6faa0465ec8bf30e3450f9679f121ff9e724257577c38c813b77e82e1f42f
- SHA512
  
  ac653d1f6b2222c56c3b73715219028a70ca078c87585a11ee2260d68d336e76a794d5d4c111c7c423aa916ed375d18a0cc3a6eb4789e40414243467e11da9bc
Score

10^/10

persistence evasion trojan ransomware
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops file in Drivers directory
- Checks whether UAC is enabled
  evasion trojan
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

File Deletion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojanransomware

behavioral2

evasiontrojanransomwarepersistence