49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297 | Triage

Sharing

General

Target

49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
Size

504KB
Sample

221011-ntvxzscgcp
MD5

63af7fee2f39d6064aa58cd616f97400
SHA1

a82451a52cc6d59acc301c8dbd4f9c30c1884f4e
SHA256

49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
SHA512

51471996cca503e9523dd084c65ba0c9a431c0dd262ae1d60cb4214343e20bd4acbc7a4e9c8884c692a074113089c8cdaf5e7eedd267f1ebb90699f14a92a14e
SSDEEP

12288:LFA01s79ob0Ux+DMzyAtP5Q5xEzCIyVHkZvFZT/jD5m69:nO9oAa9yV5xEzCXVHINZo69

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
- Size
  
  504KB
- MD5
  
  63af7fee2f39d6064aa58cd616f97400
- SHA1
  
  a82451a52cc6d59acc301c8dbd4f9c30c1884f4e
- SHA256
  
  49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
- SHA512
  
  51471996cca503e9523dd084c65ba0c9a431c0dd262ae1d60cb4214343e20bd4acbc7a4e9c8884c692a074113089c8cdaf5e7eedd267f1ebb90699f14a92a14e
- SSDEEP
  
  12288:LFA01s79ob0Ux+DMzyAtP5Q5xEzCIyVHkZvFZT/jD5m69:nO9oAa9yV5xEzCXVHINZo69
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan