df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc | Triage

Sharing

General

Target

df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc
Size

992KB
Sample

221001-vy8g7sheel
MD5

728c92b937610a7631c30e65b92f6790
SHA1

47e9fd333ab90625cfcb5e7f9563a40bf8eda104
SHA256

df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc
SHA512

af71486076d8f56c01d5d81b1f22df8b6081ec910b1a112fbd77e76c8b38b29ce31691627efb6bcde15e8917ced08c77b0de219d1136062742c16d36697e6a83
SSDEEP

24576:jrxLy1t/JHIYIbwayccc5Yk1GRxVEvWEsEfB4:ZG1FJHIR15YkgnVEvsEfi

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc
- Size
  
  992KB
- MD5
  
  728c92b937610a7631c30e65b92f6790
- SHA1
  
  47e9fd333ab90625cfcb5e7f9563a40bf8eda104
- SHA256
  
  df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc
- SHA512
  
  af71486076d8f56c01d5d81b1f22df8b6081ec910b1a112fbd77e76c8b38b29ce31691627efb6bcde15e8917ced08c77b0de219d1136062742c16d36697e6a83
- SSDEEP
  
  24576:jrxLy1t/JHIYIbwayccc5Yk1GRxVEvWEsEfB4:ZG1FJHIR15YkgnVEvsEfi
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan