913586e7a5c48dd71a193f3a25c36886b3a8e61bf1ec27ea1ccc0282f50df043 | Triage

Sharing

General

Target

913586e7a5c48dd71a193f3a25c36886b3a8e61bf1ec27ea1ccc0282f50df043
Size

1.0MB
Sample

221128-b2rjbaad7t
MD5

dfb4b1532bee1ecb3f0862f733711210
SHA1

8580a087477d46045af318e609abcd5dd0f87053
SHA256

913586e7a5c48dd71a193f3a25c36886b3a8e61bf1ec27ea1ccc0282f50df043
SHA512

66f830266990d01756ee0569e905dd7f4323ec757d900993146e7a6abdef54e253d0753aa2083062a4027f1cb2d53890e046dbf6a689fe3636fba2106822b989
SSDEEP

24576:v5ARgOEDvJxoJCOKai9AGBtZFR9pVhvJ14qgFWZS/M3vLwkXRKA/tlHMK+qKoeJW:CEDDoJCOKaiaGBtZFR9pVhvJ14qgFWZV

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  913586e7a5c48dd71a193f3a25c36886b3a8e61bf1ec27ea1ccc0282f50df043
- Size
  
  1.0MB
- MD5
  
  dfb4b1532bee1ecb3f0862f733711210
- SHA1
  
  8580a087477d46045af318e609abcd5dd0f87053
- SHA256
  
  913586e7a5c48dd71a193f3a25c36886b3a8e61bf1ec27ea1ccc0282f50df043
- SHA512
  
  66f830266990d01756ee0569e905dd7f4323ec757d900993146e7a6abdef54e253d0753aa2083062a4027f1cb2d53890e046dbf6a689fe3636fba2106822b989
- SSDEEP
  
  24576:v5ARgOEDvJxoJCOKai9AGBtZFR9pVhvJ14qgFWZS/M3vLwkXRKA/tlHMK+qKoeJW:CEDDoJCOKaiaGBtZFR9pVhvJ14qgFWZV
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2