faae39367bae706cec58e5a845a530dd7cacc510a530a36f1c96aeffa46987f4 | Triage

Sharing

General

Target

faae39367bae706cec58e5a845a530dd7cacc510a530a36f1c96aeffa46987f4
Size

733KB
Sample

221125-znnr9sec89
MD5

65ea48b4c82f88c7263b9034176e2a8d
SHA1

c15ad4d273f16d843c18c7c1ad679638c4fc2381
SHA256

faae39367bae706cec58e5a845a530dd7cacc510a530a36f1c96aeffa46987f4
SHA512

d281ed14c1327c4c01b0e4fe1da0b15e10660f245fcc3bd695493d38e994f727fa4f104d8a8a8aca94c41ac21479f813537faaa65780f82959daa79789c92dca
SSDEEP

12288:NZjLucE4zhEeah7kkvwp5OFwqHRmdzjr/:bLurAhPEdHR0H

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  faae39367bae706cec58e5a845a530dd7cacc510a530a36f1c96aeffa46987f4
- Size
  
  733KB
- MD5
  
  65ea48b4c82f88c7263b9034176e2a8d
- SHA1
  
  c15ad4d273f16d843c18c7c1ad679638c4fc2381
- SHA256
  
  faae39367bae706cec58e5a845a530dd7cacc510a530a36f1c96aeffa46987f4
- SHA512
  
  d281ed14c1327c4c01b0e4fe1da0b15e10660f245fcc3bd695493d38e994f727fa4f104d8a8a8aca94c41ac21479f813537faaa65780f82959daa79789c92dca
- SSDEEP
  
  12288:NZjLucE4zhEeah7kkvwp5OFwqHRmdzjr/:bLurAhPEdHR0H
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2