General

  • Target

    aa50a1e524059a4d184933850bc664a6752608a10ba1e876a4802542dc341033.zip

  • Size

    682KB

  • Sample

    221124-rgaytsch7w

  • MD5

    2bdde1733e648f9123c190bdb495a103

  • SHA1

    b6eb6ddf8d6be7377de205436e8960b84c29d6d2

  • SHA256

    54b77115603f9cb8dd03f3850bdb425d6ad4b121f83f531f0dbeee5a4622aa9f

  • SHA512

    f52399f9cc94d4acd5c43fdfa3e1ef44fe4cf38d932ce32b6bf7cd22da19c02c14fff1c1cf5473231643ee2cc9725563d2ef4767532c0c115fa6eb6140e47225

  • SSDEEP

    12288:RwCJxVwzRtJuYZpm0FI0zbzHo0J6k0/ksZIkz061j/HWSy54CTa+:jJcuYZc0FI0zP7J62KwOj+SyGq

Score
8/10

Malware Config

Targets

    • Target

      aa50a1e524059a4d184933850bc664a6752608a10ba1e876a4802542dc341033.exe

    • Size

      1.1MB

    • MD5

      42d5422b60e6b5e20e7aaf730a81cc87

    • SHA1

      e4c5691422f8bb438cae51bdb4340e75efed9f8d

    • SHA256

      aa50a1e524059a4d184933850bc664a6752608a10ba1e876a4802542dc341033

    • SHA512

      2eac1dbd2a97dcd4b16e526536ea235553b848dc677a17463ae4ef4381e733e773bd0ac74cf84b89dcd30b56a18e312254c9f2ede6f871b0d1552ea889657f25

    • SSDEEP

      24576:S7+J7TGhOa+9EuP9HxoXZoVeCe6TXjJpsB8jIy:S7a7TwOaexTz7sU

    Score
    8/10
    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
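The three file-system signatures above (extension changes on user files, desktop.ini drops, drive-root enumeration) can be checked on a file-event trace outside the sandbox. The script below is an added example, not the sandbox's own signature logic: it runs the same heuristics over a constructed event log (the paths, the `.locked` extension and the `(operation, path, new_path)` record shape are all assumptions made for the example).

```python
"""Heuristics for the report's file-system signatures, evaluated over a
constructed set of file-system events. Example code added to the page; it
is not the sandbox's own detection logic."""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed event log (not taken from the report). Each record is
# (operation, path, new_path); only rename events carry new_path.
SAMPLE_EVENTS = [
    ("rename", "C:\\Users\\victim\\Documents\\report.docx", "C:\\Users\\victim\\Documents\\report.docx.locked"),
    ("rename", "C:\\Users\\victim\\Pictures\\holiday.jpg", "C:\\Users\\victim\\Pictures\\holiday.jpg.locked"),
    ("rename", "C:\\Users\\victim\\Desktop\\notes.txt", "C:\\Users\\victim\\Desktop\\notes.txt.locked"),
    ("rename", "C:\\Users\\victim\\Downloads\\draft.tmp", "C:\\Users\\victim\\Downloads\\final.tmp"),  # same extension: benign
    ("rename", "C:\\Windows\\Temp\\cab1234.tmp", "C:\\Windows\\Temp\\cab1234.tmp.locked"),  # not under a user profile
    ("create", "C:\\Users\\victim\\Documents\\desktop.ini", None),
    ("create", "C:\\Users\\victim\\Pictures\\desktop.ini", None),
    ("open", "C:\\", None),          # default drive root: ignored
    ("open", "D:\\", None),
    ("open", "E:\\", None),
    ("open", "D:\\Backups", None),   # not a drive root
]


def is_user_file(path):
    """True for paths under C:\\Users\\<profile>\\..., where victim data lives."""
    parts = PureWindowsPath(path).parts
    return len(parts) >= 4 and parts[1].lower() == "users"


def extension_changes(events):
    """'Modifies extensions of user files': renames under a user profile
    whose extension differs after the rename. Returns (src, dst) pairs."""
    hits = []
    for op, src, dst in events:
        if op != "rename" or dst is None or not is_user_file(src):
            continue
        if PureWindowsPath(src).suffix.lower() != PureWindowsPath(dst).suffix.lower():
            hits.append((src, dst))
    return hits


def desktop_ini_drops(events):
    """'Drops desktop.ini file(s)': create events for a file named desktop.ini."""
    return [p for op, p, _ in events
            if op == "create" and PureWindowsPath(p).name.lower() == "desktop.ini"]


def enumerated_drive_roots(events):
    """'Enumerates connected drives': accesses to a drive root other than C:.
    A path is a root when its string form equals its anchor (e.g. 'D:\\')."""
    roots = set()
    for _, p, _ in events:
        wp = PureWindowsPath(p)
        if str(wp) == wp.anchor and wp.drive.upper() != "C:":
            roots.add(wp.drive.upper())
    return sorted(roots)


def new_extensions(events):
    """Count the extensions the renames produced; one dominant new
    extension across many files is the classic ransomware pattern."""
    return Counter(PureWindowsPath(dst).suffix.lower()
                   for _, dst in extension_changes(events))


def triage(events, min_renames=3):
    """Summarise which of the report's signatures the event log matches.
    min_renames is an assumed threshold to avoid firing on a single rename."""
    return {
        "modifies_user_file_extensions": len(extension_changes(events)) >= min_renames,
        "drops_desktop_ini": bool(desktop_ini_drops(events)),
        "enumerates_connected_drives": bool(enumerated_drive_roots(events)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
    print(new_extensions(SAMPLE_EVENTS))
```

The rename threshold and the user-profile check are the parts worth tuning on real traces: installers and sync clients rename files under a profile too, so the signal is the volume of renames converging on one new extension, not any single rename.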

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

Tasks