40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c | Triage

Sharing

General

Target

40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c
Size

268KB
Sample

221127-tpzchaah79
MD5

12666b5054cc0cb62cf758736340c1bc
SHA1

0f9ec608413918adef409e8e97612b6e71fd1bc7
SHA256

40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c
SHA512

df49dbcd1f2f0bf0d0129cb4e5dd343fc9fba1b46a7fc24db3e1fd560816ae86e79c360873ac06c62876051f622a9a54a327c3aa3019ecdad4a32f9dc9a68a77
SSDEEP

6144:1AZMCVtysJu4wCZt953XCWSntmb6IEACyoO+:u2wXCBWLEA5n+

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c
- Size
  
  268KB
- MD5
  
  12666b5054cc0cb62cf758736340c1bc
- SHA1
  
  0f9ec608413918adef409e8e97612b6e71fd1bc7
- SHA256
  
  40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c
- SHA512
  
  df49dbcd1f2f0bf0d0129cb4e5dd343fc9fba1b46a7fc24db3e1fd560816ae86e79c360873ac06c62876051f622a9a54a327c3aa3019ecdad4a32f9dc9a68a77
- SSDEEP
  
  6144:1AZMCVtysJu4wCZt953XCWSntmb6IEACyoO+:u2wXCBWLEA5n+
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan