3cf9b5ce45b7349947d4b1ec0edcd24f72b93b4a7bcfb1f0dfccccdab76a82a3 | Triage

Sharing

General

Target

3cf9b5ce45b7349947d4b1ec0edcd24f72b93b4a7bcfb1f0dfccccdab76a82a3
Size

482KB
Sample

221124-pbwl8scf33
MD5

eefb361a598211ef2a468017d1a3bb2c
SHA1

c51f28a9ceb78a3920a766874dc1b4601f1ba443
SHA256

3cf9b5ce45b7349947d4b1ec0edcd24f72b93b4a7bcfb1f0dfccccdab76a82a3
SHA512

c7a5ea8c5da3c19b1c44af93a2914271f3a4833fe788f3875c122014f1f308b8dacfec92504d8db5a5cecaf66d63a74edebbfdfa2cf4df5fdc8866b8657cc76d
SSDEEP

6144:kioL4qsxpzE0qcQL/RPsBllXpA0iIOg2OJR7R7XxTD10rNptyEG/62z9bxvoYal3:kDUZbz1X8GvAY0vopR8ZKFVMiYaI

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  3cf9b5ce45b7349947d4b1ec0edcd24f72b93b4a7bcfb1f0dfccccdab76a82a3
- Size
  
  482KB
- MD5
  
  eefb361a598211ef2a468017d1a3bb2c
- SHA1
  
  c51f28a9ceb78a3920a766874dc1b4601f1ba443
- SHA256
  
  3cf9b5ce45b7349947d4b1ec0edcd24f72b93b4a7bcfb1f0dfccccdab76a82a3
- SHA512
  
  c7a5ea8c5da3c19b1c44af93a2914271f3a4833fe788f3875c122014f1f308b8dacfec92504d8db5a5cecaf66d63a74edebbfdfa2cf4df5fdc8866b8657cc76d
- SSDEEP
  
  6144:kioL4qsxpzE0qcQL/RPsBllXpA0iIOg2OJR7R7XxTD10rNptyEG/62z9bxvoYal3:kDUZbz1X8GvAY0vopR8ZKFVMiYaI
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2