78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51 | Triage

Sharing

General

Target

78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51
Size

554KB
Sample

220520-175essegh5
MD5

9038c0bfcb41767a7b8d1a46652d53e2
SHA1

372dea083bcbbe7f494992f92b5559cf2dab11c7
SHA256

78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51
SHA512

66c153d4e7de01de62775eb57f839f72bb185cb76e82cc12ff875287232fb8d9798bef909d94f10e43f766c0317988a98aa03ff7444b1ba97a5aeebe0858aa3d

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51
- Size
  
  554KB
- MD5
  
  9038c0bfcb41767a7b8d1a46652d53e2
- SHA1
  
  372dea083bcbbe7f494992f92b5559cf2dab11c7
- SHA256
  
  78b55ce394011b701be630417507f517df542361758ca2ab4c135023e2566c51
- SHA512
  
  66c153d4e7de01de62775eb57f839f72bb185cb76e82cc12ff875287232fb8d9798bef909d94f10e43f766c0317988a98aa03ff7444b1ba97a5aeebe0858aa3d
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2