2aee14aa18a742ea0a5409173a220855b9ab1720748bf992ddd93e0b85b82fb3 | Triage

Sharing

General

Target

2aee14aa18a742ea0a5409173a220855b9ab1720748bf992ddd93e0b85b82fb3
Size

428KB
Sample

221126-kzw6fsff84
MD5

e6227eaefc147e66e3c7fa87a7e90fd6
SHA1

911670753ffb5d56466888a22182501c4e32ebed
SHA256

2aee14aa18a742ea0a5409173a220855b9ab1720748bf992ddd93e0b85b82fb3
SHA512

c077f4597279542ba9e2ae1e84da84b855c418c7fcef73d294c1c71525c4ad658cf444ebbcb9f9563dd193b37fc5bb96daa8e4422b6ea5d9e20b411d27ee1de7
SSDEEP

12288:UC5a4ZNG9mOhWMILp2IM4Vd0GkCY/xYa:Va4Zg9ThWhMmdBwx

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  2aee14aa18a742ea0a5409173a220855b9ab1720748bf992ddd93e0b85b82fb3
- Size
  
  428KB
- MD5
  
  e6227eaefc147e66e3c7fa87a7e90fd6
- SHA1
  
  911670753ffb5d56466888a22182501c4e32ebed
- SHA256
  
  2aee14aa18a742ea0a5409173a220855b9ab1720748bf992ddd93e0b85b82fb3
- SHA512
  
  c077f4597279542ba9e2ae1e84da84b855c418c7fcef73d294c1c71525c4ad658cf444ebbcb9f9563dd193b37fc5bb96daa8e4422b6ea5d9e20b411d27ee1de7
- SSDEEP
  
  12288:UC5a4ZNG9mOhWMILp2IM4Vd0GkCY/xYa:Va4Zg9ThWhMmdBwx
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware