2a825514c1ad3f9c77ba93e92fab8152091de8abd64685c16a0d13d03e285891 | Triage

Sharing

General

Target

2a825514c1ad3f9c77ba93e92fab8152091de8abd64685c16a0d13d03e285891
Size

339KB
Sample

221124-gzwm5sdg53
MD5

be98338e8170418b624915328377710e
SHA1

bd772bbbec24866fbb45dc59f7ef961f926cf3fb
SHA256

2a825514c1ad3f9c77ba93e92fab8152091de8abd64685c16a0d13d03e285891
SHA512

0afe01f75de41abee6744952e6bd2dc054a2003ce86eb7f2a4f1492fbc3baedfab3bd46c7a33c3293d1756b9f2f06a7933a178d25042c119ff2239674ec09f65
SSDEEP

6144:wbbNTzYayq3rkO4YQjw6zGDhUfXYr8aXGukY8dLxPia4XJoQPGecGV+v:gbNfYmAOPs7foreu8dVaa4XOQOOs

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Answer.Pdf_____________________________________________________________.exe
- Size
  
  527KB
- MD5
  
  253491ad824e156971c957cd15254844
- SHA1
  
  d47161e939cc823a331fff50859b915c3f876342
- SHA256
  
  31cbc1ad9f119d6d8eff0d01e07e130ff7c12761e9345a525613106b9c6bc8d5
- SHA512
  
  6ba1b7ecb435bccab47b96eb5f008b84003c5fd7518df4aee221004e669c9bd4b8e93163f7755f474102142c63f7c3d753e466483a3d82e418aa4cea127bb53f
- SSDEEP
  
  6144:O6LMUW1qIa6s/Ab/f+4tD7kVkBtx2rqD7Hg3fWsPJWojKwfybrU0hN+oZTc2:Dof12/U/f+4dkKBWrasvLhWWKwfb0+oj
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

persistenceransomware