aa02c774182b612a1123b73b853c921bc27696d97470aaaa10f7bc3ac01ecdf1 | Triage

Sharing

General

Target

aa02c774182b612a1123b73b853c921bc27696d97470aaaa10f7bc3ac01ecdf1
Size

623KB
Sample

210511-jn6a7kwqaa
MD5

00e7713c90a8b8a9a74ed4db919091c3
SHA1

19f0ff155a4cd121a11cc1d15050f744a5153509
SHA256

aa02c774182b612a1123b73b853c921bc27696d97470aaaa10f7bc3ac01ecdf1
SHA512

8ad5756d0fb396d64408723ff29c06783c2b7c92d75478f50460216746449c012031f7f5d83f61aed36aa0cd3521de35a7ae7118c45199c4e78b9f1fbef5e234

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  aa02c774182b612a1123b73b853c921bc27696d97470aaaa10f7bc3ac01ecdf1
- Size
  
  623KB
- MD5
  
  00e7713c90a8b8a9a74ed4db919091c3
- SHA1
  
  19f0ff155a4cd121a11cc1d15050f744a5153509
- SHA256
  
  aa02c774182b612a1123b73b853c921bc27696d97470aaaa10f7bc3ac01ecdf1
- SHA512
  
  8ad5756d0fb396d64408723ff29c06783c2b7c92d75478f50460216746449c012031f7f5d83f61aed36aa0cd3521de35a7ae7118c45199c4e78b9f1fbef5e234
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Hidden Files and Directories

Bypass User Account Control

Disabling Security Tools

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan