b17a7699c33cedd50c30eb45b3f9a71de962898a8ba61bcad1a08e95192c736d | Triage

Sharing

General

Target

b17a7699c33cedd50c30eb45b3f9a71de962898a8ba61bcad1a08e95192c736d
Size

250KB
Sample

221124-el7gdaga22
MD5

f90508fab27c8f683efc4146553fdd01
SHA1

bea4a20ff991fb31a4bae46614379f7791560025
SHA256

b17a7699c33cedd50c30eb45b3f9a71de962898a8ba61bcad1a08e95192c736d
SHA512

9e3468d4f5212266b449e9fb951db26b0958f101a303e0d05e351dc1aa1795885f5fd5541852a33f6ede5aa01d281d16a33e72da39ea27fbec1843a2f875d7ab
SSDEEP

6144:nAPTqIFSlHhZkttpI16MuSisYwNKQ9PRKenTad2BofPJLu:nAPOI03qzsQenWqMk

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Perfil.Pdf _____________________________________________________________.exe
- Size
  
  531KB
- MD5
  
  400d4d727950f4d6de451115b8c4cfc1
- SHA1
  
  e97b06dc654b70c6c117e7b2e91c9916a06e85a4
- SHA256
  
  ee177b068a2ac964536637fe4f04ff2deed524e981e69f5cceb2e0dd935c3f65
- SHA512
  
  0d2d90ed3bef2f321629e63e672855ab9d4c3015970b35990147bdc14c87e657ca6c4178402f77f6e0d35ef82ce338c499b634faf928590d4717ef28d535d281
- SSDEEP
  
  6144:LUv7JBskamattpI16Mu4isYwNMQ9PRKeIXIRTjv1ECkrQUK:AvqNsieIk3v1eUf
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan