1a0b133f8d511e0a78ace8b21056f164199c9e502c6f9013f779a8c2584a2626 | Triage

Sharing

General

Target

1a0b133f8d511e0a78ace8b21056f164199c9e502c6f9013f779a8c2584a2626
Size

216KB
Sample

221126-jc7s1acc48
MD5

18da21337a68b2edf0abedc4a6cb6b0c
SHA1

a42a59f6a2a778ece6cdf55d58ba58243e06a57c
SHA256

1a0b133f8d511e0a78ace8b21056f164199c9e502c6f9013f779a8c2584a2626
SHA512

60ad568cf5dcf02fc612972d1ff1836af924815c7be7ef106b4d565d81326fb3565ba7fa4e98016385a1f093c4b1a84fae0d4a44b84fcee92c29425dfe435487
SSDEEP

3072:rawhW9eOEtiOOrKOoVfyAvs56z/fBTZ+J/h/GfJYO/SB+NvXY7JMW:rq/BpZooAkYfRZ+J/UR/HvXY

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  1a0b133f8d511e0a78ace8b21056f164199c9e502c6f9013f779a8c2584a2626
- Size
  
  216KB
- MD5
  
  18da21337a68b2edf0abedc4a6cb6b0c
- SHA1
  
  a42a59f6a2a778ece6cdf55d58ba58243e06a57c
- SHA256
  
  1a0b133f8d511e0a78ace8b21056f164199c9e502c6f9013f779a8c2584a2626
- SHA512
  
  60ad568cf5dcf02fc612972d1ff1836af924815c7be7ef106b4d565d81326fb3565ba7fa4e98016385a1f093c4b1a84fae0d4a44b84fcee92c29425dfe435487
- SSDEEP
  
  3072:rawhW9eOEtiOOrKOoVfyAvs56z/fBTZ+J/h/GfJYO/SB+NvXY7JMW:rq/BpZooAkYfRZ+J/UR/HvXY
Score

9^/10

ransomware persistence
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2