d119babfd04596cdae407a1642d4713d566e601c6d2d096215fed02a8d14a7aa | Triage

Sharing

General

Target

d119babfd04596cdae407a1642d4713d566e601c6d2d096215fed02a8d14a7aa
Size

168KB
Sample

221126-kb1hzahg2s
MD5

ddca4d55e0b4c7e729f2a27721f6f957
SHA1

7e48c9dc3e44db4e7a72eb01f3f57c8866c7946c
SHA256

d119babfd04596cdae407a1642d4713d566e601c6d2d096215fed02a8d14a7aa
SHA512

ec1bda515bd0ab60f86d0976dec365b2cc3def12c4a9d381851213ad139c807addc883851a1bb548943f5b35dc7222ea7ecbdbbe30338a053bc5c8e507b2a6ab
SSDEEP

3072:FgW1Bd+9OdyRRGqUXyKKihqwk+mN4vHBbkjuWnHqNI8XKvu+TJ:FDPd+95e9K5d+maHpkjucHqHqJ

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  d119babfd04596cdae407a1642d4713d566e601c6d2d096215fed02a8d14a7aa
- Size
  
  168KB
- MD5
  
  ddca4d55e0b4c7e729f2a27721f6f957
- SHA1
  
  7e48c9dc3e44db4e7a72eb01f3f57c8866c7946c
- SHA256
  
  d119babfd04596cdae407a1642d4713d566e601c6d2d096215fed02a8d14a7aa
- SHA512
  
  ec1bda515bd0ab60f86d0976dec365b2cc3def12c4a9d381851213ad139c807addc883851a1bb548943f5b35dc7222ea7ecbdbbe30338a053bc5c8e507b2a6ab
- SSDEEP
  
  3072:FgW1Bd+9OdyRRGqUXyKKihqwk+mN4vHBbkjuWnHqNI8XKvu+TJ:FDPd+95e9K5d+maHpkjucHqHqJ
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2