d9ec38eb3969f4f066c8864631262547b90c1bb1653a2da964310b2ec0160c9c | Triage

Sharing

General

Target

b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.zip
Size

1.1MB
Sample

221124-rgam3ahf49
MD5

1fa2b0b9d61c7cc6280453c97ce6c57b
SHA1

97d38049d7b34253668a1478359ca7da7c7ae45d
SHA256

d9ec38eb3969f4f066c8864631262547b90c1bb1653a2da964310b2ec0160c9c
SHA512

59ef575eb0f6f2d46b3ff9c01dde441be1ab20bf727337c17866d85fa50f05dc898e5856dc9b5306d8aa677ac310f043ca5f720b56822805ebb9a87aeded74ae
SSDEEP

24576:TPhPyF4NWu1KuuVfVL4zRB5tNVrtfrINd0OfaecswEd9pNXRzKvfuS08mHubpP60:TJPyF4Nr1XqtL+RBNRVry5cFs93pSfx5

Score

8^/10

ransomware

Malware Config

Targets

- Target
  
  b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7.exe
- Size
  
  1.7MB
- MD5
  
  2010f94a111ab8d9e0a25d7aefd2704e
- SHA1
  
  cc5fb0d3c2ac669a04ce073e2023200107a1846a
- SHA256
  
  b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7
- SHA512
  
  daec0ed4e7ed5467c9b59db2976227f142a56f1e3eadd138baf6281d63ea565849da08c1ffcad056fc49909a42d16b79bbcf546ef37977f3e386566ca3dbcc71
- SSDEEP
  
  24576:GhGyCHW7fOpOQWzYSQ6iRUxgrGEMr3LvDUUk1+CtdEckOOZ2K7bGqvUCSVt:GhGVHWyOrVuUUMrbZk1yckOOZ2fyUtr
Score

8^/10

ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2