edf36af2b6f1dba4d4e57f4ce2fbb67693cfb81bd823a9d306f802cf0ea6d084 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.etvb-edf36af2b6f1dba4d4e57f4ce2fbb67693cfb81bd823a9d306f802cf0ea6d084
Size

214KB
Sample

221106-ymd11ahfe8
MD5

17b08e8e7e92a243d7dc68a2f27dfb73
SHA1

adc73d06e4cfaa2548914c0d44a63bcd26f219ad
SHA256

edf36af2b6f1dba4d4e57f4ce2fbb67693cfb81bd823a9d306f802cf0ea6d084
SHA512

b8a869695d2fcad6aab507815dde500759256af1d1f5df0cefe5a8ab5b1e07fb27481954cb18faa8f7c1e86f20d86332b45f04be5cf6eeaa814a2e758acc7bda
SSDEEP

3072:ctjLKxbA3zrIL701RCawZowcNlnBflHXFo+jIIH8/SkP8yDG:ctjWxbczG4XMoxnBLFIj/my6

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.etvb-edf36af2b6f1dba4d4e57f4ce2fbb67693cfb81bd823a9d306f802cf0ea6d084
- Size
  
  214KB
- MD5
  
  17b08e8e7e92a243d7dc68a2f27dfb73
- SHA1
  
  adc73d06e4cfaa2548914c0d44a63bcd26f219ad
- SHA256
  
  edf36af2b6f1dba4d4e57f4ce2fbb67693cfb81bd823a9d306f802cf0ea6d084
- SHA512
  
  b8a869695d2fcad6aab507815dde500759256af1d1f5df0cefe5a8ab5b1e07fb27481954cb18faa8f7c1e86f20d86332b45f04be5cf6eeaa814a2e758acc7bda
- SSDEEP
  
  3072:ctjLKxbA3zrIL701RCawZowcNlnBflHXFo+jIIH8/SkP8yDG:ctjWxbczG4XMoxnBLFIj/my6
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2