d1ce3bcf1daa67c84b4fb2aba183c1e7e39538ceed4517b9bc2ee0ace1c87142 | Triage

Sharing

General

Target

5345720633425920.zip
Size

35KB
Sample

210415-be8fgc7w6a
MD5

a9af26ca6a8705d6623dc0723d92e696
SHA1

b56772595ef98bfa3c9fdeaae41a418d5ae257ac
SHA256

d1ce3bcf1daa67c84b4fb2aba183c1e7e39538ceed4517b9bc2ee0ace1c87142
SHA512

035f75a0ee124465a05649be0da2e5ba52ba01de5a1a307e2750921822438d33b7b62982001abdbefc840e7e8b61c008d814b0fec6fe8386c8e027a28feaa838

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  04d7a39f48372981d96a9c4b2806fd5485f29ef7f51b9d18d479a8089ae6b26b
- Size
  
  145KB
- MD5
  
  97342e82b73e42906a215964333087c4
- SHA1
  
  a599e3d0ffe33237aa7652df1e7e02cfaec62569
- SHA256
  
  04d7a39f48372981d96a9c4b2806fd5485f29ef7f51b9d18d479a8089ae6b26b
- SHA512
  
  e62b7aca16f905f05519e5db4563e82ace28b78ebe75c84f642bb8ef044a9df647705167b81c17b0644b862c240225c8bd107052f901bf888a6add65cd62b78a
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware