55897ade87436f210f1503199a2d9289bdd16e50f1fc87ccbd463116834a2231 | Triage

Sharing

General

Target

55897ade87436f210f1503199a2d9289bdd16e50f1fc87ccbd463116834a2231
Size

318KB
Sample

221125-znppkahb6x
MD5

66dc80b5c71c35358e83319799f84661
SHA1

ec7767cae5578e51886e9b19b533272d3f2aba38
SHA256

55897ade87436f210f1503199a2d9289bdd16e50f1fc87ccbd463116834a2231
SHA512

139f03f9d723771d9825666ad0a6ac62f464ba84d5e99e5c45989173ef548b9baf11b27346eb7a3adbb163f575081c4cfa0e183985b05399220ccd1177da36db
SSDEEP

6144:2bZdXMFCfVFAnHgl8iRBqifcONVggW3dIsLOCSRjPMVG5LELjLceGp/k:yv88Anti9kOsDLOCszMgVEvLfGpM

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  fatura_827180294.exe
- Size
  
  733KB
- MD5
  
  65ea48b4c82f88c7263b9034176e2a8d
- SHA1
  
  c15ad4d273f16d843c18c7c1ad679638c4fc2381
- SHA256
  
  faae39367bae706cec58e5a845a530dd7cacc510a530a36f1c96aeffa46987f4
- SHA512
  
  d281ed14c1327c4c01b0e4fe1da0b15e10660f245fcc3bd695493d38e994f727fa4f104d8a8a8aca94c41ac21479f813537faaa65780f82959daa79789c92dca
- SSDEEP
  
  12288:NZjLucE4zhEeah7kkvwp5OFwqHRmdzjr/:bLurAhPEdHR0H
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2