f6445d2ba81a1f1d34600fd9fe7df82dbcdf264f35c7c7b5d9d7f3cc1ac682f1 | Triage

Sharing

General

Target

f6445d2ba81a1f1d34600fd9fe7df82dbcdf264f35c7c7b5d9d7f3cc1ac682f1
Size

554KB
Sample

220520-12wkpseee5
MD5

3ad90c3efdecc0984b6e4b6b411151e5
SHA1

422506ddf8fa1a1056173309e1c42343b2adebb7
SHA256

f6445d2ba81a1f1d34600fd9fe7df82dbcdf264f35c7c7b5d9d7f3cc1ac682f1
SHA512

f37f5110595f4e86e50671300567622e942648bb0f479529c0e15350d4b4fc58854fa54d1dea445569450828039d23d7c3e7221b2fc9a839c7e9e85e78ae6a2d

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  f6445d2ba81a1f1d34600fd9fe7df82dbcdf264f35c7c7b5d9d7f3cc1ac682f1
- Size
  
  554KB
- MD5
  
  3ad90c3efdecc0984b6e4b6b411151e5
- SHA1
  
  422506ddf8fa1a1056173309e1c42343b2adebb7
- SHA256
  
  f6445d2ba81a1f1d34600fd9fe7df82dbcdf264f35c7c7b5d9d7f3cc1ac682f1
- SHA512
  
  f37f5110595f4e86e50671300567622e942648bb0f479529c0e15350d4b4fc58854fa54d1dea445569450828039d23d7c3e7221b2fc9a839c7e9e85e78ae6a2d
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2