c74b7898f97f823a4bf387ac39a6e376e8d412ad64e73fae59f06e10a1d0efa8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.eqms-c74b7898f97f823a4bf387ac39a6e376e8d412ad64e73fae59f06e10a1d0efa8
Size

700KB
Sample

221106-yfm1bshdf9
MD5

11a99eb308cf8f78d0d804bc0975ee36
SHA1

d124d39c7985ea5a0202e2beb3d512af673917a3
SHA256

c74b7898f97f823a4bf387ac39a6e376e8d412ad64e73fae59f06e10a1d0efa8
SHA512

28887980f73ea6a06e8f2fd0d67cc62aa948a7223f631fd066c8dcee1c77f1d2989ccca26fd257e1f1d486987fd923f129271615bc75e641370a40ee2c07cdc4
SSDEEP

12288:ENIQAPGsAqY9IMVYd38sJdpQHs5lY8Kfg1pMJzQvTEvGb0l7e7Zi3wasuU:FPGSY91VwNJcM3qgTBTEs0l603wLP

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.eqms-c74b7898f97f823a4bf387ac39a6e376e8d412ad64e73fae59f06e10a1d0efa8
- Size
  
  700KB
- MD5
  
  11a99eb308cf8f78d0d804bc0975ee36
- SHA1
  
  d124d39c7985ea5a0202e2beb3d512af673917a3
- SHA256
  
  c74b7898f97f823a4bf387ac39a6e376e8d412ad64e73fae59f06e10a1d0efa8
- SHA512
  
  28887980f73ea6a06e8f2fd0d67cc62aa948a7223f631fd066c8dcee1c77f1d2989ccca26fd257e1f1d486987fd923f129271615bc75e641370a40ee2c07cdc4
- SSDEEP
  
  12288:ENIQAPGsAqY9IMVYd38sJdpQHs5lY8Kfg1pMJzQvTEvGb0l7e7Zi3wasuU:FPGSY91VwNJcM3qgTBTEs0l603wLP
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2