a2855577eec6dbe89e205f9c5ea47dc67314f0f47013fe245462c2e22c38ba38 | Triage

Sharing

General

Target

1.bin.zip
Size

1.2MB
Sample

210217-4nrz59hdhs
MD5

d01d2153800f2803f4b22186a97087a9
SHA1

64bafedbb59f294695e909eabd188fb9b29510c5
SHA256

a2855577eec6dbe89e205f9c5ea47dc67314f0f47013fe245462c2e22c38ba38
SHA512

299d302ff23a942ab807d3c348ca52c23627cabc37b2c832a15086f68648d81ab0611c41ee0f93539ae4aec93a41f7594590717d154eafe21800e82744782e2c

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  1.bin
- Size
  
  1.3MB
- MD5
  
  3578f26788c2dc8bb885b0aeb41fb6cf
- SHA1
  
  cce3f0b3cd1188f9438799a2a88e542c534207d7
- SHA256
  
  3f0da8be8b14c012b6ecc6c210aa2df4a2dd8285a83eeb1286f762a77e3b13db
- SHA512
  
  689e051691d19a805d6a3e7b440589b51c145582bf6610d7234386e3a2ca3c257aa2ce7b09392a0cbf6a7f9f5dd42417b8812d1fac59b8e0a3de149d1af8a39d
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware