48e92e0a73d05721e7e50a28df98ea879246970c1c0c5cdd66b635485ef3dfcb | Triage

Sharing

General

Target

48e92e0a73d05721e7e50a28df98ea879246970c1c0c5cdd66b635485ef3dfcb
Size

469KB
Sample

221124-k4gxbsdc25
MD5

4a4baf09600a0da0e803d4f7716642a3
SHA1

7c84b6cd0a2f50f74522fbcced39d5e85ab45389
SHA256

48e92e0a73d05721e7e50a28df98ea879246970c1c0c5cdd66b635485ef3dfcb
SHA512

f4c78f68df0d0160b0312fa787414c49f30b91c9fae21114ecf04725203949249226c3f4b49df8e35ddef5aed9bdb69f60d7b712516b0f0424d354c3c8c8cdb9
SSDEEP

6144:kicL4qsxpzEHqcQLwIpVsBNzrn2xxHIFRU0POzzqexpKkpsszhNoFji5NDdvFZV:knUZbzS15NXn2xCH92GuzPpvFT

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  48e92e0a73d05721e7e50a28df98ea879246970c1c0c5cdd66b635485ef3dfcb
- Size
  
  469KB
- MD5
  
  4a4baf09600a0da0e803d4f7716642a3
- SHA1
  
  7c84b6cd0a2f50f74522fbcced39d5e85ab45389
- SHA256
  
  48e92e0a73d05721e7e50a28df98ea879246970c1c0c5cdd66b635485ef3dfcb
- SHA512
  
  f4c78f68df0d0160b0312fa787414c49f30b91c9fae21114ecf04725203949249226c3f4b49df8e35ddef5aed9bdb69f60d7b712516b0f0424d354c3c8c8cdb9
- SSDEEP
  
  6144:kicL4qsxpzEHqcQLwIpVsBNzrn2xxHIFRU0POzzqexpKkpsszhNoFji5NDdvFZV:knUZbzS15NXn2xCH92GuzPpvFT
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2