803a50650c421734e2d563f2fb2735c30645413c43aa65047f0da5c04bca6295 | Triage

Sharing

General

Target

803a50650c421734e2d563f2fb2735c30645413c43aa65047f0da5c04bca6295
Size

359KB
Sample

221124-gzbb7sgg3w
MD5

8e1bdc1c484bc03880c67424d80e351d
SHA1

122a845fa053dcbc16a7148313f27525619a1818
SHA256

803a50650c421734e2d563f2fb2735c30645413c43aa65047f0da5c04bca6295
SHA512

fe52ee11e8f8ed9fba217ad7c26a3bde63c9fd6e1b6ae0b9401a1b848be7567c39e8bba322225dad86185883fc3e319a115651af747bfecbd5ea91593504d320
SSDEEP

6144:NqSOoNLW7+g9suW/UMhay+I/oRiMhqZcLrAtlb37uIyg7byBVgkQ:NqkNiJ9sb/UwapQoxhycLrauIyYy

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  803a50650c421734e2d563f2fb2735c30645413c43aa65047f0da5c04bca6295
- Size
  
  359KB
- MD5
  
  8e1bdc1c484bc03880c67424d80e351d
- SHA1
  
  122a845fa053dcbc16a7148313f27525619a1818
- SHA256
  
  803a50650c421734e2d563f2fb2735c30645413c43aa65047f0da5c04bca6295
- SHA512
  
  fe52ee11e8f8ed9fba217ad7c26a3bde63c9fd6e1b6ae0b9401a1b848be7567c39e8bba322225dad86185883fc3e319a115651af747bfecbd5ea91593504d320
- SSDEEP
  
  6144:NqSOoNLW7+g9suW/UMhay+I/oRiMhqZcLrAtlb37uIyg7byBVgkQ:NqkNiJ9sb/UwapQoxhycLrauIyYy
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware