5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55 | Triage

Submit
Reports

Overview

overview

9

Static

static

5c1ebae5f7...55.exe

windows7-x64

9

5c1ebae5f7...55.exe

windows10-2004-x64

6

Sharing

General

Target

5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55
Size

256KB
Sample

221125-beek8sec61
MD5

acb05e95d713b1772fb96a5e607d539f
SHA1

0017b03a38d00cf43fa36e40dd9f65da499c09f7
SHA256

5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55
SHA512

d17a55ae1095a8e81d027aff27609d02f751f9fd5d7b5f19e2fe2c454ee5b53307595be630c673efe91e88fe6617aec883c1ff3146d8b564029121491b1e1aa4
SSDEEP

6144:mEfGkQqJ2KjIwEY52Y+n2e8couZ5nsvnnk6ReLEYHF2F8:mE1QQ2KkwbUn2e5sP6P2O

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55.exe

Resource

win7-20220812-en

persistence ransomware

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55
- Size
  
  256KB
- MD5
  
  acb05e95d713b1772fb96a5e607d539f
- SHA1
  
  0017b03a38d00cf43fa36e40dd9f65da499c09f7
- SHA256
  
  5c1ebae5f7444b800fc335d39d5c9bf35a17960b347ee5eb3a00b52a7f56cd55
- SHA512
  
  d17a55ae1095a8e81d027aff27609d02f751f9fd5d7b5f19e2fe2c454ee5b53307595be630c673efe91e88fe6617aec883c1ff3146d8b564029121491b1e1aa4
- SSDEEP
  
  6144:mEfGkQqJ2KjIwEY52Y+n2e8couZ5nsvnnk6ReLEYHF2F8:mE1QQ2KkwbUn2e5sP6P2O
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

© 2018-2024

Terms | Privacy