581d8d2020c544f1643db5a65d33df332ad5c174a3e8ce1acb89a799d93712df | Triage

Sharing

General

Target

581d8d2020c544f1643db5a65d33df332ad5c174a3e8ce1acb89a799d93712df
Size

295KB
Sample

221124-pm5dhsgd9v
MD5

9e5876251361b4dbac5bc7e9eb252556
SHA1

e93b59baca4b50ad3506560e002a9c591b7aa1af
SHA256

581d8d2020c544f1643db5a65d33df332ad5c174a3e8ce1acb89a799d93712df
SHA512

6fbedc743fcbad1c67def96f3956361eaa954a4364cb2d12d2138cfafa54e7675d40e7d930e3075730523a5ec260de249d398a549c815622248c8c76d76914ce
SSDEEP

6144:VtMsLvfku4J/5S71EMjCa/9zq0+pBQphUl6Z/MADK8:VtB3TZOalzq0+jQjUCEADd

Score

9^/10

collection evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Info.Pdf____________________________________________________________.exe
- Size
  
  494KB
- MD5
  
  cb607388d6b05dcf0d77fd06f563511d
- SHA1
  
  85717a638f5a3cc62b2f5e25897fcee997f35070
- SHA256
  
  8a375f861957b7effcda03ba43720d5bc14eeea97a33475a78b904714283d04e
- SHA512
  
  3bc8cd97bad6c38711eb67ff88b7cc158d991677a0a07d3efb73837d43eaa7bdbd7fb96d2f5a225f5a4fc39cc1aa2a2c6cd4091d201da79cb7be98fd459c246a
- SSDEEP
  
  6144:+7imLFJzjEIl1qcQL7twzWuWFyvgI/EhlRlI8tEUauf+zT3:6RljEIXZ6uaUgF3RllT+zT3
Score

9^/10

collection evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

collectionevasionpersistenceransomwaretrojan

behavioral2