18847481617919def623838bdc4b92bab61eefa48240bb75d9524a386116f261 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18847481617919def623838bdc4b92bab61eefa48240bb75d9524a386116f261
Size

342KB
Sample

221030-qq4rtscea4
MD5

a3b398f475ab038fb838f5f8e54d7faf
SHA1

de81525eeb94f703a53955eb990223014c9186e0
SHA256

18847481617919def623838bdc4b92bab61eefa48240bb75d9524a386116f261
SHA512

f22a35996d6cfb61e2f6077b25f985de58774c803a24e19dccd02d43224355f047bb4e4f61390ee183924d448e74441a4a8b7f013e155b79a7b8ef08fe5749f1
SSDEEP

6144:Oq4zFMa9vCxpkER0GzeIwzGsD68wILpvxOmeaRt4ajFjWCnQH1:OJZMa9axpR0GzeI2D68wILpvxZRZA5

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  18847481617919def623838bdc4b92bab61eefa48240bb75d9524a386116f261
- Size
  
  342KB
- MD5
  
  a3b398f475ab038fb838f5f8e54d7faf
- SHA1
  
  de81525eeb94f703a53955eb990223014c9186e0
- SHA256
  
  18847481617919def623838bdc4b92bab61eefa48240bb75d9524a386116f261
- SHA512
  
  f22a35996d6cfb61e2f6077b25f985de58774c803a24e19dccd02d43224355f047bb4e4f61390ee183924d448e74441a4a8b7f013e155b79a7b8ef08fe5749f1
- SSDEEP
  
  6144:Oq4zFMa9vCxpkER0GzeIwzGsD68wILpvxOmeaRt4ajFjWCnQH1:OJZMa9axpR0GzeI2D68wILpvxZRZA5
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2