6ff9e926cb8b4d46ecd8ab3a528f936118ba2ca6dac92db424e409dbf085d05d | Triage

Sharing

General

Target

6ff9e926cb8b4d46ecd8ab3a528f936118ba2ca6dac92db424e409dbf085d05d
Size

554KB
Sample

220520-2epdjsacgq
MD5

f69afeef3af6c00e78e9e390ce575fe3
SHA1

2c2fa4b21f63029416adcc58a39e3eaecbaa7476
SHA256

6ff9e926cb8b4d46ecd8ab3a528f936118ba2ca6dac92db424e409dbf085d05d
SHA512

3b3322765552acacba36569ef41f6a49cdca1b7e7fd677f314c5eeba67b5eb4a7190e5bdce208a35f7d6b367e4b1b800c71e7b758125a26df098a492b0b982e0

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  6ff9e926cb8b4d46ecd8ab3a528f936118ba2ca6dac92db424e409dbf085d05d
- Size
  
  554KB
- MD5
  
  f69afeef3af6c00e78e9e390ce575fe3
- SHA1
  
  2c2fa4b21f63029416adcc58a39e3eaecbaa7476
- SHA256
  
  6ff9e926cb8b4d46ecd8ab3a528f936118ba2ca6dac92db424e409dbf085d05d
- SHA512
  
  3b3322765552acacba36569ef41f6a49cdca1b7e7fd677f314c5eeba67b5eb4a7190e5bdce208a35f7d6b367e4b1b800c71e7b758125a26df098a492b0b982e0
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2