5498945d745d09948fd4328f7da6d71ae442e0e80242dd5f66a247e30d40a22e | Triage

Sharing

General

Target

5498945d745d09948fd4328f7da6d71ae442e0e80242dd5f66a247e30d40a22e
Size

452KB
Sample

221123-rl9mysca3v
MD5

a7199d2ff40258ac7427ce9b513fe3fe
SHA1

a9eecc7ad31d4d57cb6ff57b1588f18e4830bcc2
SHA256

5498945d745d09948fd4328f7da6d71ae442e0e80242dd5f66a247e30d40a22e
SHA512

26a5d17a002f5c4b5c6019d29d4c45516a204df86f2c9d1f5495219ab6baacd77643075915a839053058cbbd3ed547c43cd9228698e31975536144e0da4df8ae
SSDEEP

12288:rj93DcSMTXXAi7bCqoEozFGPCUo0G9o5/AWZn+j:9TXri7bNoFzwPCUor9KVEj

Score

9^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  5498945d745d09948fd4328f7da6d71ae442e0e80242dd5f66a247e30d40a22e
- Size
  
  452KB
- MD5
  
  a7199d2ff40258ac7427ce9b513fe3fe
- SHA1
  
  a9eecc7ad31d4d57cb6ff57b1588f18e4830bcc2
- SHA256
  
  5498945d745d09948fd4328f7da6d71ae442e0e80242dd5f66a247e30d40a22e
- SHA512
  
  26a5d17a002f5c4b5c6019d29d4c45516a204df86f2c9d1f5495219ab6baacd77643075915a839053058cbbd3ed547c43cd9228698e31975536144e0da4df8ae
- SSDEEP
  
  12288:rj93DcSMTXXAi7bCqoEozFGPCUo0G9o5/AWZn+j:9TXri7bNoFzwPCUor9KVEj
Score

9^/10

evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2