44ae0904140406c27f19f8f08f67a5b5ee71732cbc47be27254f220626f3869e | Triage

Sharing

General

Target

44ae0904140406c27f19f8f08f67a5b5ee71732cbc47be27254f220626f3869e
Size

1.3MB
Sample

221003-bp95wsade8
MD5

6f01323ee67517514dd4896c1ca994d0
SHA1

a35465e77ba37f80eac763cbde264ad45b049aa9
SHA256

44ae0904140406c27f19f8f08f67a5b5ee71732cbc47be27254f220626f3869e
SHA512

bb2c552ae49a31087f96d62a3b0de87c3eee367eb6a8aab815c5f7efeebe0c2add5c7be732d95b9d3744cf0ccd4c0f5eee87a3d25a783b5434f6ea5eb32816b1
SSDEEP

24576:nsNECLHleGdLFEWRlfDZNxZxtJqnTstg6JhzoMfPXaN0ewFxVjE0kAxquOEEKgAe:nsJleGdLFHjbvxZLwnTst90xgpKU97he

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  44ae0904140406c27f19f8f08f67a5b5ee71732cbc47be27254f220626f3869e
- Size
  
  1.3MB
- MD5
  
  6f01323ee67517514dd4896c1ca994d0
- SHA1
  
  a35465e77ba37f80eac763cbde264ad45b049aa9
- SHA256
  
  44ae0904140406c27f19f8f08f67a5b5ee71732cbc47be27254f220626f3869e
- SHA512
  
  bb2c552ae49a31087f96d62a3b0de87c3eee367eb6a8aab815c5f7efeebe0c2add5c7be732d95b9d3744cf0ccd4c0f5eee87a3d25a783b5434f6ea5eb32816b1
- SSDEEP
  
  24576:nsNECLHleGdLFEWRlfDZNxZxtJqnTstg6JhzoMfPXaN0ewFxVjE0kAxquOEEKgAe:nsJleGdLFHjbvxZLwnTst90xgpKU97he
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2