5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9 | Triage

Sharing

General

Target

5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9
Size

220KB
Sample

221127-kmsx9sgh3t
MD5

941fb1cd3fdab89abc35f0a21abd2f45
SHA1

349c15855c91c341db0bc01cc328a17a3554cbc4
SHA256

5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9
SHA512

14cf15e0f84f821adfd4dfe3037421291f296e9613db3f77405053e2b4a9a2e18625c2425a56af02bb479ff8e5c6b2eb45808d0054b5dbefd3d9cba213c0ade5
SSDEEP

3072:sTVZEA0R5UeyVSzeIw6upojbcbf0L1siwNGRRH9fZvl2hZm6nE:sxWA0EeKvpdbf0L1si9H9fZvj6E

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9
- Size
  
  220KB
- MD5
  
  941fb1cd3fdab89abc35f0a21abd2f45
- SHA1
  
  349c15855c91c341db0bc01cc328a17a3554cbc4
- SHA256
  
  5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9
- SHA512
  
  14cf15e0f84f821adfd4dfe3037421291f296e9613db3f77405053e2b4a9a2e18625c2425a56af02bb479ff8e5c6b2eb45808d0054b5dbefd3d9cba213c0ade5
- SSDEEP
  
  3072:sTVZEA0R5UeyVSzeIw6upojbcbf0L1siwNGRRH9fZvl2hZm6nE:sxWA0EeKvpdbf0L1si9H9fZvj6E
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan