363542759158ea906b1335331528a7e0af6d5c330011f262e1003669ce9fb847 | Triage

Sharing

General

Target

363542759158ea906b1335331528a7e0af6d5c330011f262e1003669ce9fb847
Size

328KB
Sample

221127-ftea8sfb91
MD5

3e2f2d4cccf3fcda61a4cc2a3d378a45
SHA1

a0efa4e3292b2a105b0491147a6760a294819819
SHA256

363542759158ea906b1335331528a7e0af6d5c330011f262e1003669ce9fb847
SHA512

b5a21b053a5b39ca5f64aa5beabffe8eb9085c5ac6e314e4af44e1570a28c5ac9609ade4f9a4df827de91d576f8190e41a10865f83a005827916535fd023ea98
SSDEEP

6144:dudETpa3kcP6ATyqEqAUXvwvGJwSTBaRlgweSq+VWre+e6eQuYeGsdVYlJC:0dYq9b2qEqAUXvwvGOSTQvkUV0GjGsdV

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  363542759158ea906b1335331528a7e0af6d5c330011f262e1003669ce9fb847
- Size
  
  328KB
- MD5
  
  3e2f2d4cccf3fcda61a4cc2a3d378a45
- SHA1
  
  a0efa4e3292b2a105b0491147a6760a294819819
- SHA256
  
  363542759158ea906b1335331528a7e0af6d5c330011f262e1003669ce9fb847
- SHA512
  
  b5a21b053a5b39ca5f64aa5beabffe8eb9085c5ac6e314e4af44e1570a28c5ac9609ade4f9a4df827de91d576f8190e41a10865f83a005827916535fd023ea98
- SSDEEP
  
  6144:dudETpa3kcP6ATyqEqAUXvwvGJwSTBaRlgweSq+VWre+e6eQuYeGsdVYlJC:0dYq9b2qEqAUXvwvGOSTQvkUV0GjGsdV
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan