01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7 | Triage

Submit
Reports

Overview

overview

Static

static

01ceb3445a...a7.exe

windows7_x64

01ceb3445a...a7.exe

windows10-2004_x64

Sharing

General

Target

01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
Size

384KB
Sample

220523-wg9vdahhd5
MD5

380623574a4955f0cc60f397669f9461
SHA1

39c1bfffe33b24053c54f66620a68b494d8a9d0e
SHA256

01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
SHA512

d74ba7671937c9703b077765c3cfdda1b294227a227f4d6df5dc69dd60966c67c7a766b018ab58203003cb462c522475693d061f7ec0d1b5db3a2fc29418d2f4

Score

10^/10

persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7.exe

Resource

win7-20220414-en

persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7.exe

Resource

win10v2004-20220414-en

persistence ransomware suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
- Size
  
  384KB
- MD5
  
  380623574a4955f0cc60f397669f9461
- SHA1
  
  39c1bfffe33b24053c54f66620a68b494d8a9d0e
- SHA256
  
  01ceb3445a65c9eff5fcc0e559ee8616a59c9c0f8fa4576cf51103ce28cbd7a7
- SHA512
  
  d74ba7671937c9703b077765c3cfdda1b294227a227f4d6df5dc69dd60966c67c7a766b018ab58203003cb462c522475693d061f7ec0d1b5db3a2fc29418d2f4
Score

10^/10

persistence ransomware suricata
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
  suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomwaresuricata

behavioral2

persistenceransomwaresuricata

© 2018-2024

Terms | Privacy