fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625 | Triage

Sharing

General

Target

fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
Size

180KB
Sample

221124-e5cfcahc89
MD5

3d34ad07ceef484203039b24c0afb130
SHA1

fe286a6c15d75f3cfafa8dc8a59486e5f124153e
SHA256

fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
SHA512

c663b2260846ac7c8b9cafcd4806426ce11df1a7be301a9c538a4bfb9a831ea30c3bcfa1372208aec2338f7adfe3a7868acb5bb576fdd0e7985b2c5a6f65e91d
SSDEEP

3072:Nl78Y88m4KKxLO7gB8JTV+M6COKOwY7rUJ0l:Tj88RKoLOs4/e7rUCl

Score

7^/10

persistence ransomware

Malware Config

Targets

- Target
  
  fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
- Size
  
  180KB
- MD5
  
  3d34ad07ceef484203039b24c0afb130
- SHA1
  
  fe286a6c15d75f3cfafa8dc8a59486e5f124153e
- SHA256
  
  fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
- SHA512
  
  c663b2260846ac7c8b9cafcd4806426ce11df1a7be301a9c538a4bfb9a831ea30c3bcfa1372208aec2338f7adfe3a7868acb5bb576fdd0e7985b2c5a6f65e91d
- SSDEEP
  
  3072:Nl78Y88m4KKxLO7gB8JTV+M6COKOwY7rUJ0l:Tj88RKoLOs4/e7rUCl
Score

7^/10

persistence ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomware

behavioral2