0a35c73d968c5058dea36a66348a38d6f50d82fb4afbb4abeb1fd198a6e8b3e4 | Triage

Sharing

General

Target

0a35c73d968c5058dea36a66348a38d6f50d82fb4afbb4abeb1fd198a6e8b3e4
Size

198KB
Sample

221126-p6d1nsha7z
MD5

6e5504cb11e2f3ff458068ecf0964de3
SHA1

3b93a62c1f2612f2d67cce7474ff8b3ac54e469a
SHA256

0a35c73d968c5058dea36a66348a38d6f50d82fb4afbb4abeb1fd198a6e8b3e4
SHA512

f594c411e6092d945fa296d7c83a23769c0e236598cbda61b38ea5fcd2e837518a4772225bbe7a771cad398b1a6d7501313070919ac77d466ec8b3ef7e07d774
SSDEEP

3072:v+Ra2uU5zrR39ErYNgy8qX7jKNnGNb+yyGM3rbk0f6Y6Lo3UDA4G:nWD39xZiGQjGM7GPM4G

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  0a35c73d968c5058dea36a66348a38d6f50d82fb4afbb4abeb1fd198a6e8b3e4
- Size
  
  198KB
- MD5
  
  6e5504cb11e2f3ff458068ecf0964de3
- SHA1
  
  3b93a62c1f2612f2d67cce7474ff8b3ac54e469a
- SHA256
  
  0a35c73d968c5058dea36a66348a38d6f50d82fb4afbb4abeb1fd198a6e8b3e4
- SHA512
  
  f594c411e6092d945fa296d7c83a23769c0e236598cbda61b38ea5fcd2e837518a4772225bbe7a771cad398b1a6d7501313070919ac77d466ec8b3ef7e07d774
- SSDEEP
  
  3072:v+Ra2uU5zrR39ErYNgy8qX7jKNnGNb+yyGM3rbk0f6Y6Lo3UDA4G:nWD39xZiGQjGM7GPM4G
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2