Overview

overview

9

Static

static

Transazion...__.exe

windows7-x64

9

Transazion...__.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    008f6f2dc850f4666e4e0e750d7f71dd1d66ff49b4866ba92599efad6ad61a86

  • Size

    281KB

  • Sample

    221126-fdebasga2w

  • MD5

    2b5d4368a8c867f65f0570b92d490c35

  • SHA1

    8bc37c75684f508605e6b450e38d895bcd3eb20a

  • SHA256

    008f6f2dc850f4666e4e0e750d7f71dd1d66ff49b4866ba92599efad6ad61a86

  • SHA512

    a65ab007b58af9297fd714efc8539eccb184eee46df195ba5aef8f718ea9b70b9c3f5fbb8cfb18fcf3464283c090670f240ea4535da665ff2a71e0de155462ef

  • SSDEEP

    6144:DDTCdxxJ+71AW1WGfISP8uqNPuaPAPibFD1sFNC106qN+G:DDwxxOOg8RaNFNDOG

Score
9/10
collectionevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Transazione.Pdf______________________________________________________________.exe

    • Size

      446KB

    • MD5

      11ff8a8e9a643deff1dcf58e7e2fdf20

    • SHA1

      40b1d84b341bae23dc5cfa8dd1c44cf96294cd54

    • SHA256

      62d0ce15d2dc5825d4bf46690bc296547387f6b74304ba6a6fedbebba440a490

    • SHA512

      29499106387047744693da395da8aeb695933579f7b1f5dd23613059591215ca60be4021286c04cacf5c02e5726ab28fe2ed15b0a9b6c12571b88532eec156f1

    • SSDEEP

      12288:/uPIb4kzPgkrw1k2Fr8+o/tH18wtuomhUqlDykX:SItUkrQ5Fr6/n82yblmg

    Score
    9/10
    collectionevasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks