ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65 | Triage

Sharing

General

Target

ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65
Size

531KB
Sample

221124-el34ysfh97
MD5

400d4d727950f4d6de451115b8c4cfc1
SHA1

e97b06dc654b70c6c117e7b2e91c9916a06e85a4
SHA256

ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65
SHA512

0d2d90ed3bef2f321629e63e672855ab9d4c3015970b35990147bdc14c87e657ca6c4178402f77f6e0d35ef82ce338c499b634faf928590d4717ef28d535d281
SSDEEP

6144:LUv7JBskamattpI16Mu4isYwNMQ9PRKeIXIRTjv1ECkrQUK:AvqNsieIk3v1eUf

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65
- Size
  
  531KB
- MD5
  
  400d4d727950f4d6de451115b8c4cfc1
- SHA1
  
  e97b06dc654b70c6c117e7b2e91c9916a06e85a4
- SHA256
  
  ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65
- SHA512
  
  0d2d90ed3bef2f321629e63e672855ab9d4c3015970b35990147bdc14c87e657ca6c4178402f77f6e0d35ef82ce338c499b634faf928590d4717ef28d535d281
- SSDEEP
  
  6144:LUv7JBskamattpI16Mu4isYwNMQ9PRKeIXIRTjv1ECkrQUK:AvqNsieIk3v1eUf
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan