05306ac3918a6f5bf386fed597c86dbeda62f0aa89a3873de41689a99f507841 | Triage

Sharing

General

Target

05306ac3918a6f5bf386fed597c86dbeda62f0aa89a3873de41689a99f507841
Size

354KB
Sample

221126-hhg9vshh78
MD5

c7f0b60cb67b263d2d83cf3d7b7689d1
SHA1

0b90ef666968e5de30d93c8608107879a118b840
SHA256

05306ac3918a6f5bf386fed597c86dbeda62f0aa89a3873de41689a99f507841
SHA512

742aaecdd7c0f60dc91094fe3b62c0650760828735aaeaee765af5d074af9ec24f704ffa2e0f2b84be057030c5cef25874f80beb5dbae25f7d1f4a208ea6647c
SSDEEP

6144:ZHYKnUf8h+jyl10FqQ55vAy1NxkyOPf2V4/QdzZA6zva1gX+aohzpI:LUfi+j410FP55xxkNf2V1hZoq+R

Score

9^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  05306ac3918a6f5bf386fed597c86dbeda62f0aa89a3873de41689a99f507841
- Size
  
  354KB
- MD5
  
  c7f0b60cb67b263d2d83cf3d7b7689d1
- SHA1
  
  0b90ef666968e5de30d93c8608107879a118b840
- SHA256
  
  05306ac3918a6f5bf386fed597c86dbeda62f0aa89a3873de41689a99f507841
- SHA512
  
  742aaecdd7c0f60dc91094fe3b62c0650760828735aaeaee765af5d074af9ec24f704ffa2e0f2b84be057030c5cef25874f80beb5dbae25f7d1f4a208ea6647c
- SSDEEP
  
  6144:ZHYKnUf8h+jyl10FqQ55vAy1NxkyOPf2V4/QdzZA6zva1gX+aohzpI:LUfi+j410FP55xxkNf2V1hZoq+R
Score

9^/10

evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware