e7275bc3ad642881240b0f34b4b5b547f50d61f6f800cf2ea877e2c7091bf676 | Triage

Sharing

General

Target

e7275bc3ad642881240b0f34b4b5b547f50d61f6f800cf2ea877e2c7091bf676
Size

250KB
Sample

221124-el4qgsbb3y
MD5

1eac45152c432a3909f8cf859d889de7
SHA1

de753f45a76403fcf78804028a4e1aad25abf82e
SHA256

e7275bc3ad642881240b0f34b4b5b547f50d61f6f800cf2ea877e2c7091bf676
SHA512

abf2f6db4b1ef244aac6eb24a401293570fba56950cc7f9f4d1dfe28535613e4058b642ad742d8ac60a53d54fb17c7ffbb5b7ed38eca1c554892bb2d99e4e715
SSDEEP

6144:/APTqIFSlHhZkttpI16MuSisYwNKQ9PRKenTad2BofPJLs:/APOI03qzsQenWqM+

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Mensaje.Pdf _____________________________________________________________.exe
- Size
  
  531KB
- MD5
  
  400d4d727950f4d6de451115b8c4cfc1
- SHA1
  
  e97b06dc654b70c6c117e7b2e91c9916a06e85a4
- SHA256
  
  ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65
- SHA512
  
  0d2d90ed3bef2f321629e63e672855ab9d4c3015970b35990147bdc14c87e657ca6c4178402f77f6e0d35ef82ce338c499b634faf928590d4717ef28d535d281
- SSDEEP
  
  6144:LUv7JBskamattpI16Mu4isYwNMQ9PRKeIXIRTjv1ECkrQUK:AvqNsieIk3v1eUf
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan