267ea3542987795c6e34298e5e43efbd9681db006901aecd23824122a810e437 | Triage

Sharing

General

Target

267ea3542987795c6e34298e5e43efbd9681db006901aecd23824122a810e437
Size

286KB
Sample

221123-r4rvvsdc9y
MD5

5cb43bf4b7e5329caa8d51f59f8774d5
SHA1

5cf6138ddfba03f6922e15894f47a23e69bebc2c
SHA256

267ea3542987795c6e34298e5e43efbd9681db006901aecd23824122a810e437
SHA512

9858b482d9c82f50f683ec6dbb48ebb937af8cf515cf6be0b933b1873fad3708d506d421376593cbcd01e606efc61e01886c66f9dc2704d6c2d97727e0960081
SSDEEP

3072:dRbZEXlwNqK5HzGyx6jZ8UA7z9YP3vYcghUg1ObLt:d1dqNT3JghS5

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  267ea3542987795c6e34298e5e43efbd9681db006901aecd23824122a810e437
- Size
  
  286KB
- MD5
  
  5cb43bf4b7e5329caa8d51f59f8774d5
- SHA1
  
  5cf6138ddfba03f6922e15894f47a23e69bebc2c
- SHA256
  
  267ea3542987795c6e34298e5e43efbd9681db006901aecd23824122a810e437
- SHA512
  
  9858b482d9c82f50f683ec6dbb48ebb937af8cf515cf6be0b933b1873fad3708d506d421376593cbcd01e606efc61e01886c66f9dc2704d6c2d97727e0960081
- SSDEEP
  
  3072:dRbZEXlwNqK5HzGyx6jZ8UA7z9YP3vYcghUg1ObLt:d1dqNT3JghS5
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2