169393c05b712b1d0e52171b3ff6d112984a790518d680e2d016db6ff80412b5 | Triage

Sharing

General

Target

169393c05b712b1d0e52171b3ff6d112984a790518d680e2d016db6ff80412b5
Size

133KB
Sample

220919-pf6m1agch3
MD5

efb0074c175f069457524725656372ba
SHA1

9da2a4d5a33aac4dee1b5370ceaec4e9ab86df9b
SHA256

169393c05b712b1d0e52171b3ff6d112984a790518d680e2d016db6ff80412b5
SHA512

4144cca7d47acd1d8a955696bb941313275855ca918be96c41b7dcb4dbdd0fe950381218d9c9da727689157db8f51459b29c6895f203f1d390505a61a108f8bb
SSDEEP

768:P3iLhGslMLNqudAXxQ8GFUh6tRPNXyzxcxwqZGSpa12qWScgRtYcFwVc6K:P3itRJQjUho9JdZ582qcgBwVcl

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  169393c05b712b1d0e52171b3ff6d112984a790518d680e2d016db6ff80412b5
- Size
  
  133KB
- MD5
  
  efb0074c175f069457524725656372ba
- SHA1
  
  9da2a4d5a33aac4dee1b5370ceaec4e9ab86df9b
- SHA256
  
  169393c05b712b1d0e52171b3ff6d112984a790518d680e2d016db6ff80412b5
- SHA512
  
  4144cca7d47acd1d8a955696bb941313275855ca918be96c41b7dcb4dbdd0fe950381218d9c9da727689157db8f51459b29c6895f203f1d390505a61a108f8bb
- SSDEEP
  
  768:P3iLhGslMLNqudAXxQ8GFUh6tRPNXyzxcxwqZGSpa12qWScgRtYcFwVc6K:P3itRJQjUho9JdZ582qcgBwVcl
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware