d1b1f52ea8a58a52734e8e5a87838cbc1b0cdc277194a5390912127b1f1a208d | Triage

Resubmissions

12-01-2022 20:48

220112-zlnz9adhf2 10

12-01-2022 19:37

220112-yb5pksdgc6 10

12-01-2022 19:25

220112-x5evksdgdl 10

12-01-2022 16:50

220112-vb8jpadcc4 10

Sharing

General

Target

cce2ebba7447792f1a3734d567fcce244332b6767f40beace68ad5dfded51fcf.7z
Size

837KB
Sample

220112-yb5pksdgc6
MD5

c1978cde7aefad43f70e6e52041bfd9d
SHA1

b531db00285e5e78167659dccbe1ed38bf3472c0
SHA256

d1b1f52ea8a58a52734e8e5a87838cbc1b0cdc277194a5390912127b1f1a208d
SHA512

86bc16005c613c95fbb67c984a0c4e1ab5bd75d165a120b972f1400f0bf2b95f40ec2ed99f881eab0ab7c01e8c068dc7e721cf1b509eb54abe2ab3e829a11a8e

Score

10^/10

evasion ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  cce2ebba7447792f1a3734d567fcce244332b6767f40beace68ad5dfded51fcf
- Size
  
  2.6MB
- MD5
  
  47f540350b1d360403225d146cc7fbb8
- SHA1
  
  43ad25b99cb47c7367b1703315402bb9e4970590
- SHA256
  
  cce2ebba7447792f1a3734d567fcce244332b6767f40beace68ad5dfded51fcf
- SHA512
  
  91387685946beb65cddbc62b19102a1135511563bd84f24cacc402a1e5a1afb750887fa9d50e7120acd23ae27af53669a45fc48363c000b7f2ffb777036019ce
Score

10^/10

evasion ransomware spyware stealer trojan
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

File Deletion

Impair Defenses

Indicator Removal on Host

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomwarespywarestealertrojan

behavioral2

evasionransomwaretrojan