06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68 | Triage

Sharing

General

Target

06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68
Size

304KB
Sample

221126-kzs4ssff82
MD5

5dd9b1d1fa4f48d440b19b6be04de03d
SHA1

5d34fb80164c3b3687ee38f75aaa56060a971efe
SHA256

06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68
SHA512

5982d337afb897f848b76bb843d67da4ebc9dc4609f5e3c4708bc0b3acd2cd79c9b3ad9f1ad1abe424be375be653c5d61490bdcf99a3bd30d38e2b7ad7fc449b
SSDEEP

6144:8yCLJBUUYhMVB0KV9FRXODf5nKzn+eL1om9T7:4b6ev1zXgf5nKbBLr7

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68
- Size
  
  304KB
- MD5
  
  5dd9b1d1fa4f48d440b19b6be04de03d
- SHA1
  
  5d34fb80164c3b3687ee38f75aaa56060a971efe
- SHA256
  
  06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68
- SHA512
  
  5982d337afb897f848b76bb843d67da4ebc9dc4609f5e3c4708bc0b3acd2cd79c9b3ad9f1ad1abe424be375be653c5d61490bdcf99a3bd30d38e2b7ad7fc449b
- SSDEEP
  
  6144:8yCLJBUUYhMVB0KV9FRXODf5nKzn+eL1om9T7:4b6ev1zXgf5nKbBLr7
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2