General

  • Target

    c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7

  • Size

    442KB

  • Sample

    221123-zljersdb46

  • MD5

    6fb99593905840cf95ab2364c4c87d63

  • SHA1

    8d0aafee1cabe7b6cc0caf93ffafd3da3bff8b9b

  • SHA256

    c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7

  • SHA512

    ed5da6f84c3627b740a153db5a86facf23710bfd2f83aafbfe8fc64098823cfec27909cbcf9d80d0ae17c32d928e5dc91a8481973c2ec22436e6e30bd9d32a5d

  • SSDEEP

    6144:8joxeLzWAedqagVnGxqFL9hCPFvuE/pvj3hGUdXZGKb1T7oPFkCs1QBPY4:VxeHWAIMicCR/FHXZtSj

Malware Config

Targets

    • Target

      c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7

    • Size

      442KB

    • MD5

      6fb99593905840cf95ab2364c4c87d63

    • SHA1

      8d0aafee1cabe7b6cc0caf93ffafd3da3bff8b9b

    • SHA256

      c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7

    • SHA512

      ed5da6f84c3627b740a153db5a86facf23710bfd2f83aafbfe8fc64098823cfec27909cbcf9d80d0ae17c32d928e5dc91a8481973c2ec22436e6e30bd9d32a5d

    • SSDEEP

      6144:8joxeLzWAedqagVnGxqFL9hCPFvuE/pvj3hGUdXZGKb1T7oPFkCs1QBPY4:VxeHWAIMicCR/FHXZtSj

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks