cd7cdb0397d0ba51a12f6718a7d9d0f0f83c8f512916dd5977c6555ce17ac124 | Triage

Sharing

General

Target

cd7cdb0397d0ba51a12f6718a7d9d0f0f83c8f512916dd5977c6555ce17ac124
Size

192KB
Sample

221126-p9cl1sec39
MD5

be401dfec4ab64cb6e5450de30ba8d45
SHA1

fcd8c847898c3d766edeec4506baaab8203c2215
SHA256

cd7cdb0397d0ba51a12f6718a7d9d0f0f83c8f512916dd5977c6555ce17ac124
SHA512

d64b4a319f88ea8cac7115f51bce660aa0bbaa3ab0274dc5351dbd41f6e729b3c0f26c1efa372f7863bb2eca4e4eb921007fa291d1d8b141abf8ad17fed35a4f
SSDEEP

3072:imR49FBIrTtcgcCeVrzTAx1H6OfUUpuXnJ5iLl7ZaxzP72m9pZneyTvKqBE:imR4LQcgcBr+rUznJ5iR0N72hyVBE

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  cd7cdb0397d0ba51a12f6718a7d9d0f0f83c8f512916dd5977c6555ce17ac124
- Size
  
  192KB
- MD5
  
  be401dfec4ab64cb6e5450de30ba8d45
- SHA1
  
  fcd8c847898c3d766edeec4506baaab8203c2215
- SHA256
  
  cd7cdb0397d0ba51a12f6718a7d9d0f0f83c8f512916dd5977c6555ce17ac124
- SHA512
  
  d64b4a319f88ea8cac7115f51bce660aa0bbaa3ab0274dc5351dbd41f6e729b3c0f26c1efa372f7863bb2eca4e4eb921007fa291d1d8b141abf8ad17fed35a4f
- SSDEEP
  
  3072:imR49FBIrTtcgcCeVrzTAx1H6OfUUpuXnJ5iLl7ZaxzP72m9pZneyTvKqBE:imR4LQcgcBr+rUznJ5iR0N72hyVBE
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2