31cbc1ad9f119d6d8eff0d01e07e130ff7c12761e9345a525613106b9c6bc8d5 | Triage

Sharing

General

Target

31cbc1ad9f119d6d8eff0d01e07e130ff7c12761e9345a525613106b9c6bc8d5
Size

527KB
Sample

221124-gzsw9agg6s
MD5

253491ad824e156971c957cd15254844
SHA1

d47161e939cc823a331fff50859b915c3f876342
SHA256

31cbc1ad9f119d6d8eff0d01e07e130ff7c12761e9345a525613106b9c6bc8d5
SHA512

6ba1b7ecb435bccab47b96eb5f008b84003c5fd7518df4aee221004e669c9bd4b8e93163f7755f474102142c63f7c3d753e466483a3d82e418aa4cea127bb53f
SSDEEP

6144:O6LMUW1qIa6s/Ab/f+4tD7kVkBtx2rqD7Hg3fWsPJWojKwfybrU0hN+oZTc2:Dof12/U/f+4dkKBWrasvLhWWKwfb0+oj

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  31cbc1ad9f119d6d8eff0d01e07e130ff7c12761e9345a525613106b9c6bc8d5
- Size
  
  527KB
- MD5
  
  253491ad824e156971c957cd15254844
- SHA1
  
  d47161e939cc823a331fff50859b915c3f876342
- SHA256
  
  31cbc1ad9f119d6d8eff0d01e07e130ff7c12761e9345a525613106b9c6bc8d5
- SHA512
  
  6ba1b7ecb435bccab47b96eb5f008b84003c5fd7518df4aee221004e669c9bd4b8e93163f7755f474102142c63f7c3d753e466483a3d82e418aa4cea127bb53f
- SSDEEP
  
  6144:O6LMUW1qIa6s/Ab/f+4tD7kVkBtx2rqD7Hg3fWsPJWojKwfybrU0hN+oZTc2:Dof12/U/f+4dkKBWrasvLhWWKwfb0+oj
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

persistenceransomware