f84850c07f50d03b693d8dce2285e3e264a1bd0a49861b600afcdf423b7718b1 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.ebek-f84850c07f50d03b693d8dce2285e3e264a1bd0a49861b600afcdf423b7718b1
Size

294KB
Sample

221106-xq7xtagdb7
MD5

47d8062a27afe7a6a44746fc43f49508
SHA1

3cc8a31fd16992172673aa5270b82f421c9318aa
SHA256

f84850c07f50d03b693d8dce2285e3e264a1bd0a49861b600afcdf423b7718b1
SHA512

b28392919b387c3a3560143d8279353dbee87430995da279a4dd96893ea6afb0ea8fb414d7fe27e3563cae01eb7a26f7555cda93a58e1892f2b6a5e2bfca1f86
SSDEEP

6144:PjEULBbORScrnlJbE12nseJkXyIhh/rfAdSCph9O0hv9qH3:PgXZrnbHshXyOTf6z3brC

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  osn.exe
- Size
  
  426KB
- MD5
  
  7990a08facbe1c8c5a673aee28de308a
- SHA1
  
  940bf5f40d0dd3b47b732d66d9bfae33e01d5d0f
- SHA256
  
  5aabccffcd5fe39c601e91a3c84f24854ce3aacc07321c1a09054942ab7aaa41
- SHA512
  
  8598137aa03f6c5ef48b5d370e9ba0d51386660c9de00c9ec051710adae204e150b259a31adde2f1d64dc1bf94707d515629992dc62020a5db8fd1721450336d
- SSDEEP
  
  6144:yZDNxWGx7Dsgz5Z7aZgYvhzmi7UDXTKFtwIjH1VdRQ/vqkg1gEagdQH:zG7DZJaZgIhzmmUTKFTj1V7uikFg
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence