a3ce160ab8b9abce8950ff343b0986fbbb0b2375c27f05a9c9d484eaf50d04e5 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.ikyf-a3ce160ab8b9abce8950ff343b0986fbbb0b2375c27f05a9c9d484eaf50d04e5
Size

95KB
Sample

221107-ang72shdc3
MD5

175c2abe686fd8ca92f39593b1098ebf
SHA1

d05559a2d56614ba6ada339185b81f0f0fd6f05c
SHA256

a3ce160ab8b9abce8950ff343b0986fbbb0b2375c27f05a9c9d484eaf50d04e5
SHA512

2f255a690852fc35dec66fee12c50de5ce42d36f7a31e2f0192ab99e6c5da90f89a2ac4af912f6b60f050257c5dea731567285fce1bce6c5b6cd69674329dc82
SSDEEP

1536:t72pKpe+UKL73qUgaCfN5ZHxxf3xokoReZTDiDfehGRUpyUJjW9ZmvvdYXkoGL:F2pKJxqPXuR0DGGpdKwdYXko

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.ikyf-a3ce160ab8b9abce8950ff343b0986fbbb0b2375c27f05a9c9d484eaf50d04e5
- Size
  
  95KB
- MD5
  
  175c2abe686fd8ca92f39593b1098ebf
- SHA1
  
  d05559a2d56614ba6ada339185b81f0f0fd6f05c
- SHA256
  
  a3ce160ab8b9abce8950ff343b0986fbbb0b2375c27f05a9c9d484eaf50d04e5
- SHA512
  
  2f255a690852fc35dec66fee12c50de5ce42d36f7a31e2f0192ab99e6c5da90f89a2ac4af912f6b60f050257c5dea731567285fce1bce6c5b6cd69674329dc82
- SSDEEP
  
  1536:t72pKpe+UKL73qUgaCfN5ZHxxf3xokoReZTDiDfehGRUpyUJjW9ZmvvdYXkoGL:F2pKJxqPXuR0DGGpdKwdYXko
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2