General

  • Target

    06e3e56153ca25cb9790495f0768e9b615e088f9241ac7f3b974f2e9cd97bd21.sample

  • Size

    60KB

  • Sample

    210726-tramd3yg3j

  • MD5

    eb86699181894931833816e860ab279d

  • SHA1

    e98d1319d2614debebeeabc26616d327950f699e

  • SHA256

    06e3e56153ca25cb9790495f0768e9b615e088f9241ac7f3b974f2e9cd97bd21

  • SHA512

    9b567fbca1cd9720c86bd848a49dc8aeda47104d06be7c4d7189a6a7ec6956c41ee5c40aac49f90067e7ab2e7b65078197b9f9d6c7a5e2c1c52b9ab971a6c714

Malware Config

Targets

    • Target

      06e3e56153ca25cb9790495f0768e9b615e088f9241ac7f3b974f2e9cd97bd21.sample

    • Size

      60KB

    • MD5

      eb86699181894931833816e860ab279d

    • SHA1

      e98d1319d2614debebeeabc26616d327950f699e

    • SHA256

      06e3e56153ca25cb9790495f0768e9b615e088f9241ac7f3b974f2e9cd97bd21

    • SHA512

      9b567fbca1cd9720c86bd848a49dc8aeda47104d06be7c4d7189a6a7ec6956c41ee5c40aac49f90067e7ab2e7b65078197b9f9d6c7a5e2c1c52b9ab971a6c714

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Possible privilege escalation attempt

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Hidden Files and Directories

1
T1158

Defense Evasion

File Deletion

2
T1107

File Permissions Modification

1
T1222

Hidden Files and Directories

1
T1158

Impact

Inhibit System Recovery

2
T1490

Tasks