b1e38c3b48098fbe983a61d3b9f92016aa4c8c01d52ce41560df4e5f5d16e579 | Triage

Sharing

General

Target

b1e38c3b48098fbe983a61d3b9f92016aa4c8c01d52ce41560df4e5f5d16e579
Size

175KB
Sample

221124-e5f4jahc95
MD5

4594877fd48a1d36b2bc26600c254916
SHA1

a6689e98d4d401381e51477a0aa066e7af3e3c09
SHA256

b1e38c3b48098fbe983a61d3b9f92016aa4c8c01d52ce41560df4e5f5d16e579
SHA512

ae768ae8d7fc5a90daeca99d5854a65eebfa3f24db410fc85dc8bf6c4498e0536bbf14dc5671887cbce016fa8c0a85cfc2efbe38cf7319a01266b8bc8fb6e3ae
SSDEEP

3072:FjiGFwg3frcJZEy1hhF1+ZM8RN56BG6+6e:FjH2mfrOEy1hh+tN5i

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  b1e38c3b48098fbe983a61d3b9f92016aa4c8c01d52ce41560df4e5f5d16e579
- Size
  
  175KB
- MD5
  
  4594877fd48a1d36b2bc26600c254916
- SHA1
  
  a6689e98d4d401381e51477a0aa066e7af3e3c09
- SHA256
  
  b1e38c3b48098fbe983a61d3b9f92016aa4c8c01d52ce41560df4e5f5d16e579
- SHA512
  
  ae768ae8d7fc5a90daeca99d5854a65eebfa3f24db410fc85dc8bf6c4498e0536bbf14dc5671887cbce016fa8c0a85cfc2efbe38cf7319a01266b8bc8fb6e3ae
- SSDEEP
  
  3072:FjiGFwg3frcJZEy1hhF1+ZM8RN56BG6+6e:FjH2mfrOEy1hh+tN5i
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2