7fae4095a48828583d73bc838541241e8e4a24e96f60aa7022516c238d6a0a30 | Triage

Sharing

General

Target

7fae4095a48828583d73bc838541241e8e4a24e96f60aa7022516c238d6a0a30
Size

465KB
Sample

221124-pd7ghsfh4z
MD5

ccfe1de3c5cf50397754e4dae3a97d15
SHA1

1193da75ff5e3857e732dcdabf1269709ace8e50
SHA256

7fae4095a48828583d73bc838541241e8e4a24e96f60aa7022516c238d6a0a30
SHA512

2095b41663c1f4e6c1255f827a645e8b2be93d088e796a2632d56703cb4b00b17f065002eb9cae77084747f79daeaf1968df1dd262c3c29172834512e488c17f
SSDEEP

12288:axs2dYiijpIWnljvxq/48rKTwviEMCYuCc7/Mz:kSiiVjFqgJTwviEMCYbc7c

Score

9^/10

collection evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  7fae4095a48828583d73bc838541241e8e4a24e96f60aa7022516c238d6a0a30
- Size
  
  465KB
- MD5
  
  ccfe1de3c5cf50397754e4dae3a97d15
- SHA1
  
  1193da75ff5e3857e732dcdabf1269709ace8e50
- SHA256
  
  7fae4095a48828583d73bc838541241e8e4a24e96f60aa7022516c238d6a0a30
- SHA512
  
  2095b41663c1f4e6c1255f827a645e8b2be93d088e796a2632d56703cb4b00b17f065002eb9cae77084747f79daeaf1968df1dd262c3c29172834512e488c17f
- SSDEEP
  
  12288:axs2dYiijpIWnljvxq/48rKTwviEMCYuCc7/Mz:kSiiVjFqgJTwviEMCYbc7c
Score

9^/10

collection evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

collectionevasionpersistenceransomwaretrojan

behavioral2