38687ba43a7985f681919df62c40e848e0d7f663ab01f2036f250400eecda131 | Triage

Sharing

General

Target

38687ba43a7985f681919df62c40e848e0d7f663ab01f2036f250400eecda131
Size

639KB
Sample

221004-d1hk5aagep
MD5

589dbede3625d0fd43edb065b960d810
SHA1

803b7f8a439d024984f96f5c670cdcbf3d35d00e
SHA256

38687ba43a7985f681919df62c40e848e0d7f663ab01f2036f250400eecda131
SHA512

58261cdbb8770e05e614a0b97a8c975adbe8303966246fc4d3f4b2d73ae2797e6484c54a9d667d23595e273fa3dc01754ac43725595718c597fee4b45b2ca2ab
SSDEEP

12288:YMu3qmIifAhqDX2GrMEMRfrKnpth0WA80c3xjAfOvNa:f05DX2Go1RMLhEw8WM

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  38687ba43a7985f681919df62c40e848e0d7f663ab01f2036f250400eecda131
- Size
  
  639KB
- MD5
  
  589dbede3625d0fd43edb065b960d810
- SHA1
  
  803b7f8a439d024984f96f5c670cdcbf3d35d00e
- SHA256
  
  38687ba43a7985f681919df62c40e848e0d7f663ab01f2036f250400eecda131
- SHA512
  
  58261cdbb8770e05e614a0b97a8c975adbe8303966246fc4d3f4b2d73ae2797e6484c54a9d667d23595e273fa3dc01754ac43725595718c597fee4b45b2ca2ab
- SSDEEP
  
  12288:YMu3qmIifAhqDX2GrMEMRfrKnpth0WA80c3xjAfOvNa:f05DX2Go1RMLhEw8WM
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan