c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7 | Triage

Sharing

General

Target

c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7
Size

442KB
Sample

221123-zljersdb46
MD5

6fb99593905840cf95ab2364c4c87d63
SHA1

8d0aafee1cabe7b6cc0caf93ffafd3da3bff8b9b
SHA256

c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7
SHA512

ed5da6f84c3627b740a153db5a86facf23710bfd2f83aafbfe8fc64098823cfec27909cbcf9d80d0ae17c32d928e5dc91a8481973c2ec22436e6e30bd9d32a5d
SSDEEP

6144:8joxeLzWAedqagVnGxqFL9hCPFvuE/pvj3hGUdXZGKb1T7oPFkCs1QBPY4:VxeHWAIMicCR/FHXZtSj

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7
- Size
  
  442KB
- MD5
  
  6fb99593905840cf95ab2364c4c87d63
- SHA1
  
  8d0aafee1cabe7b6cc0caf93ffafd3da3bff8b9b
- SHA256
  
  c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7
- SHA512
  
  ed5da6f84c3627b740a153db5a86facf23710bfd2f83aafbfe8fc64098823cfec27909cbcf9d80d0ae17c32d928e5dc91a8481973c2ec22436e6e30bd9d32a5d
- SSDEEP
  
  6144:8joxeLzWAedqagVnGxqFL9hCPFvuE/pvj3hGUdXZGKb1T7oPFkCs1QBPY4:VxeHWAIMicCR/FHXZtSj
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2