54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.fval-54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
Size

159KB
Sample

221106-1rvknafdap
MD5

dc5c71aef24a5899f63c3f9c15993697
SHA1

2905771c826c7d9f183c73d6e97c990c022f1ef8
SHA256

54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
SHA512

f2ed34207c9f8381fcd0069c268dc3bdd4a1f7d57ea339362f23522c1157d6a9ec8c2489c5a2cca90b4213a3ed91182f94cfd45c04750d74851fdca7b1ac9f02
SSDEEP

3072:QXKzYpRZUWtMLQ3qn8JZFHWFxxxIwL0OgYe3Wwiku:QXk2RPWQ3q8/OxjL0o3Hku

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.fval-54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
- Size
  
  159KB
- MD5
  
  dc5c71aef24a5899f63c3f9c15993697
- SHA1
  
  2905771c826c7d9f183c73d6e97c990c022f1ef8
- SHA256
  
  54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
- SHA512
  
  f2ed34207c9f8381fcd0069c268dc3bdd4a1f7d57ea339362f23522c1157d6a9ec8c2489c5a2cca90b4213a3ed91182f94cfd45c04750d74851fdca7b1ac9f02
- SSDEEP
  
  3072:QXKzYpRZUWtMLQ3qn8JZFHWFxxxIwL0OgYe3Wwiku:QXk2RPWQ3q8/OxjL0o3Hku
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2