00735e4ad3e9a9a5b3551dce371248327e74ef3c25edca343b063c4914a8afb0 | Triage

Sharing

General

Target

00735e4ad3e9a9a5b3551dce371248327e74ef3c25edca343b063c4914a8afb0
Size

129KB
Sample

221127-p26j5ahc74
MD5

aea8ab12edf294ddb2804d6618fdd247
SHA1

96fb7d2e3ad9fe434a66abb15b26dd4e40aa5d4b
SHA256

00735e4ad3e9a9a5b3551dce371248327e74ef3c25edca343b063c4914a8afb0
SHA512

bee50fb9f66126ef51593f80c364f82df301c5e96ed380a6cf90bb67a50d3bb42adf4a3c0214512455061e8952fd97500e82a2d3dbe27e111e597e2cc6ef783d
SSDEEP

3072:E2RkHzd/EtzAAj1reAXyDTdWV1oqCgQfBUnPy8LWVBBhj:E2idEt8ABrKDTdWV1oqCgQfBUPy8LWVh

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  00735e4ad3e9a9a5b3551dce371248327e74ef3c25edca343b063c4914a8afb0
- Size
  
  129KB
- MD5
  
  aea8ab12edf294ddb2804d6618fdd247
- SHA1
  
  96fb7d2e3ad9fe434a66abb15b26dd4e40aa5d4b
- SHA256
  
  00735e4ad3e9a9a5b3551dce371248327e74ef3c25edca343b063c4914a8afb0
- SHA512
  
  bee50fb9f66126ef51593f80c364f82df301c5e96ed380a6cf90bb67a50d3bb42adf4a3c0214512455061e8952fd97500e82a2d3dbe27e111e597e2cc6ef783d
- SSDEEP
  
  3072:E2RkHzd/EtzAAj1reAXyDTdWV1oqCgQfBUnPy8LWVBBhj:E2idEt8ABrKDTdWV1oqCgQfBUPy8LWVh
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2