a6d128fa03e0eaa64d4f8ca33cd60877e3ea07017118343e488f6f4f756f3e4c | Triage

Sharing

General

Target

a6d128fa03e0eaa64d4f8ca33cd60877e3ea07017118343e488f6f4f756f3e4c
Size

554KB
Sample

220520-2bwnfsabeq
MD5

3d76b704c05db2f5b5a988c365a3bf4a
SHA1

3f63d23d0fa184b52487825e2f38d89d911500d5
SHA256

a6d128fa03e0eaa64d4f8ca33cd60877e3ea07017118343e488f6f4f756f3e4c
SHA512

623aada9be29beeda4398c6160fb1bef0e7b90c4ff010bf4e5e16b8187ec4eb017be34b384ca98c116890562cf7d1625e94e00cbb2c6b1389fca1bd52a347f18

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  a6d128fa03e0eaa64d4f8ca33cd60877e3ea07017118343e488f6f4f756f3e4c
- Size
  
  554KB
- MD5
  
  3d76b704c05db2f5b5a988c365a3bf4a
- SHA1
  
  3f63d23d0fa184b52487825e2f38d89d911500d5
- SHA256
  
  a6d128fa03e0eaa64d4f8ca33cd60877e3ea07017118343e488f6f4f756f3e4c
- SHA512
  
  623aada9be29beeda4398c6160fb1bef0e7b90c4ff010bf4e5e16b8187ec4eb017be34b384ca98c116890562cf7d1625e94e00cbb2c6b1389fca1bd52a347f18
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2