5df0cb600fcc2257243a65ede5cd0154500e20ffd60da89502ac3442c79dadfc | Triage

Sharing

General

Target

5df0cb600fcc2257243a65ede5cd0154500e20ffd60da89502ac3442c79dadfc
Size

554KB
Sample

220521-aj461sdccl
MD5

b3675cf6d3844465e8dee6b001196192
SHA1

d86eb40130cf79310e3698cb97b5c5362df120e0
SHA256

5df0cb600fcc2257243a65ede5cd0154500e20ffd60da89502ac3442c79dadfc
SHA512

6862f2bf787c8b684ba33d3e32387388885eb474fc4765121bc6c80f5cd3c66b3bbe5183ca9e24aa826b1a624f8a782d1be02cd29cee5a30ea0958294a94846e

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  5df0cb600fcc2257243a65ede5cd0154500e20ffd60da89502ac3442c79dadfc
- Size
  
  554KB
- MD5
  
  b3675cf6d3844465e8dee6b001196192
- SHA1
  
  d86eb40130cf79310e3698cb97b5c5362df120e0
- SHA256
  
  5df0cb600fcc2257243a65ede5cd0154500e20ffd60da89502ac3442c79dadfc
- SHA512
  
  6862f2bf787c8b684ba33d3e32387388885eb474fc4765121bc6c80f5cd3c66b3bbe5183ca9e24aa826b1a624f8a782d1be02cd29cee5a30ea0958294a94846e
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2