87300e6563c7ac9d8d758b219d135fb8b84a7788419a0ddd8c3470cc1e739eae | Triage

Submit
Reports

Overview

overview

Static

static

NoFile.exe

windows7_x64

NoFile.exe

windows10-2004_x64

Resubmissions

06-02-2022 09:21

220206-lbgarshbe9 10

06-02-2022 09:18

220206-k9rcyshcfn 10

Sharing

General

Target

NoFile.exe
Size

2.2MB
Sample

220206-k9rcyshcfn
MD5

7d1ed67b77f47ba8aadf9a3ac7d0c371
SHA1

a598e6708c189caeef1fa76064feb4d0155abb3d
SHA256

87300e6563c7ac9d8d758b219d135fb8b84a7788419a0ddd8c3470cc1e739eae
SHA512

17e468ba87f06c599b40b2dc8256bacfcfeb53cde8ac48b77d61f2c5a074b9cbe19e27e71029c67960d18af886813fc2c1b2b5afd89ae25147b179c233f120f9

Score

10^/10

evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

NoFile.exe

Resource

win7-en-20211208

evasion persistence ransomware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NoFile.exe

Resource

win10v2004-en-20220112

evasion persistence ransomware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  NoFile.exe
- Size
  
  2.2MB
- MD5
  
  7d1ed67b77f47ba8aadf9a3ac7d0c371
- SHA1
  
  a598e6708c189caeef1fa76064feb4d0155abb3d
- SHA256
  
  87300e6563c7ac9d8d758b219d135fb8b84a7788419a0ddd8c3470cc1e739eae
- SHA512
  
  17e468ba87f06c599b40b2dc8256bacfcfeb53cde8ac48b77d61f2c5a074b9cbe19e27e71029c67960d18af886813fc2c1b2b5afd89ae25147b179c233f120f9
Score

10^/10

evasion persistence ransomware trojan
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy