29b80fdcc076af9c521b620decd522ca7c56abe2704b4082236ec95b0b15289e | Triage

Sharing

General

Target

1.bin.zip
Size

33KB
Sample

201127-ljae7d59hs
MD5

4bcb2bfafc8eb72c1c5ecef4cf40a710
SHA1

6b5328a6469431e4cfeaad3251b15cb5707a4c90
SHA256

29b80fdcc076af9c521b620decd522ca7c56abe2704b4082236ec95b0b15289e
SHA512

e35e1db98865fe7248f06c4e271811e96cb7bdebcfe0e356c78e5bebb8035163aa4cab31ebe88e01dc989181f6e3660d512cb053cc45edb233d752565e9becb7

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  1.bin
- Size
  
  142KB
- MD5
  
  7c59fde9b70378548091eecbe4865bd4
- SHA1
  
  5dbc811e8d8f6a8603ed0661856f6713c1f88311
- SHA256
  
  33832e553779ef5339b82429a8db556b1e4f458406fd5c7d90b005deb4e68f28
- SHA512
  
  83092f14815c2cad54aea0c724edb942e3771f08d2914901453b64cbf29ad0d8c84587ef76cd350bacff67757a6d60ee2df4e7ac8a8819170b23b557a913eb61
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware