47f5c7a0c27b925d9c1513ac73eecab3953327beda396fea0b2bbbe15467cb90 | Triage

Sharing

General

Target

HEUR-Trojan.MSIL.Diztakun.gen-47f5c7a0c27b925d9c1513ac73eecab3953327beda396fea0b2bbbe15467cb90.exe
Size

218KB
Sample

220925-vdzdssfdg5
MD5

325229663face78b4494f54eb2c77524
SHA1

00d64f749b359ec6d304cbd918118755762ddaa5
SHA256

47f5c7a0c27b925d9c1513ac73eecab3953327beda396fea0b2bbbe15467cb90
SHA512

83fc59059ed4a03ae0b7b592d4b5fa15bc70180a5a792ad8f8b68c2d0c42556ea1f257e38aab2229dd640aced588998460ffea75c02243d61b477bce74c1f5d0
SSDEEP

6144:aZSNIPmoXWBoqiNab5jYDy375Qvq5ybpaJDr:hiPyBj5jGy3FkNwJv

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  HEUR-Trojan.MSIL.Diztakun.gen-47f5c7a0c27b925d9c1513ac73eecab3953327beda396fea0b2bbbe15467cb90.exe
- Size
  
  218KB
- MD5
  
  325229663face78b4494f54eb2c77524
- SHA1
  
  00d64f749b359ec6d304cbd918118755762ddaa5
- SHA256
  
  47f5c7a0c27b925d9c1513ac73eecab3953327beda396fea0b2bbbe15467cb90
- SHA512
  
  83fc59059ed4a03ae0b7b592d4b5fa15bc70180a5a792ad8f8b68c2d0c42556ea1f257e38aab2229dd640aced588998460ffea75c02243d61b477bce74c1f5d0
- SSDEEP
  
  6144:aZSNIPmoXWBoqiNab5jYDy375Qvq5ybpaJDr:hiPyBj5jGy3FkNwJv
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware