42a80743b3a3950c0c5134d7820b8327ef32bb29f721a9f9e3204aab48b79e30 | Triage

Sharing

General

Target

42a80743b3a3950c0c5134d7820b8327ef32bb29f721a9f9e3204aab48b79e30
Size

300KB
Sample

221127-h4vgbahc87
MD5

6d316c32ccb411b0c2e5d5c595f228ac
SHA1

528363b59474d6bc98af1c6047127293c000495f
SHA256

42a80743b3a3950c0c5134d7820b8327ef32bb29f721a9f9e3204aab48b79e30
SHA512

088927806d14ef2e8b3e81fb45eb6e75f4b9853142a71baa5beae83952d92118e9a0d253086cc8283fcd3d2ed7ec84653a4bfe8bbbdc2d97af0207d6a33b9c3e
SSDEEP

3072:y2RN5GMOtUVOQ24iaw4CsaT1M4NFNbL+XclX8m2RbAvW6IeX7Hishb2cM7IjTbJe:jRNaUUQK4CblNWXkKkBrSyFJC

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  42a80743b3a3950c0c5134d7820b8327ef32bb29f721a9f9e3204aab48b79e30
- Size
  
  300KB
- MD5
  
  6d316c32ccb411b0c2e5d5c595f228ac
- SHA1
  
  528363b59474d6bc98af1c6047127293c000495f
- SHA256
  
  42a80743b3a3950c0c5134d7820b8327ef32bb29f721a9f9e3204aab48b79e30
- SHA512
  
  088927806d14ef2e8b3e81fb45eb6e75f4b9853142a71baa5beae83952d92118e9a0d253086cc8283fcd3d2ed7ec84653a4bfe8bbbdc2d97af0207d6a33b9c3e
- SSDEEP
  
  3072:y2RN5GMOtUVOQ24iaw4CsaT1M4NFNbL+XclX8m2RbAvW6IeX7Hishb2cM7IjTbJe:jRNaUUQK4CblNWXkKkBrSyFJC
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan