ee51d6f18eed049428097cce7f44fb1a6dca363adca30680de17918232b0b0af | Triage

Sharing

General

Target

ee51d6f18eed049428097cce7f44fb1a6dca363adca30680de17918232b0b0af.bin.sample
Size

141KB
Sample

201101-kf41aszvta
MD5

0385420851811ec54932ff743742821d
SHA1

85b921db2110988862c69fa3f236fc4ff3663172
SHA256

ee51d6f18eed049428097cce7f44fb1a6dca363adca30680de17918232b0b0af
SHA512

3c5cfd147d2f65f8bd7f10e37a21c4ef6e8c549b438910fd68e2eb4070b443b2172c27200a35590a6f1874c5b5c740bf7070d231a3c2f118ea84f762a6a533c3

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  ee51d6f18eed049428097cce7f44fb1a6dca363adca30680de17918232b0b0af.bin.sample
- Size
  
  141KB
- MD5
  
  0385420851811ec54932ff743742821d
- SHA1
  
  85b921db2110988862c69fa3f236fc4ff3663172
- SHA256
  
  ee51d6f18eed049428097cce7f44fb1a6dca363adca30680de17918232b0b0af
- SHA512
  
  3c5cfd147d2f65f8bd7f10e37a21c4ef6e8c549b438910fd68e2eb4070b443b2172c27200a35590a6f1874c5b5c740bf7070d231a3c2f118ea84f762a6a533c3
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware