cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52 | Triage

Resubmissions

13-01-2022 13:01

220113-p9l6fsace2 10

13-01-2022 11:09

220113-m9h3pahfhp 10

Sharing

General

Target

cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52
Size

2.5MB
Sample

220113-m9h3pahfhp
MD5

9c156aff00fc0ac66ed918d000041932
SHA1

f2fc2bade3f0447ff68bf2c00dadcce1a966b4a0
SHA256

cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52
SHA512

43834c400a1a4fb83db8c16332345c86b1e568d45944b31721e9098f00dfe3be731d0661c02e103a4179cf8f35771d842d4dfa36aefd1a60f6577448f2600b02

Score

10^/10

evasion ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52
- Size
  
  2.5MB
- MD5
  
  9c156aff00fc0ac66ed918d000041932
- SHA1
  
  f2fc2bade3f0447ff68bf2c00dadcce1a966b4a0
- SHA256
  
  cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52
- SHA512
  
  43834c400a1a4fb83db8c16332345c86b1e568d45944b31721e9098f00dfe3be731d0661c02e103a4179cf8f35771d842d4dfa36aefd1a60f6577448f2600b02
Score

10^/10

evasion ransomware spyware stealer trojan
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

File Deletion

Impair Defenses

Indicator Removal on Host

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomwarespywarestealertrojan

behavioral2

evasionransomwaretrojan