9eb2821e3450c595b59dce17d57e4c8b02a416dc5b34ef7bcd234247ea7f0e82 | Triage

Sharing

General

Target

9eb2821e3450c595b59dce17d57e4c8b02a416dc5b34ef7bcd234247ea7f0e82
Size

149KB
Sample

221128-cm2amsga47
MD5

529981ee0b1ce9d4d237f3413d6ff190
SHA1

f896bd1e682f25c72f4879a1831dd56a749b20da
SHA256

9eb2821e3450c595b59dce17d57e4c8b02a416dc5b34ef7bcd234247ea7f0e82
SHA512

32ab28eeaece30160002f1e91a1808da50644e86b3db3f6c4d33d7e7977807bd2d13264575a777367485b0d48924f194eab2948244c1d1b636631aa7f6e85e0e
SSDEEP

3072:XJ3vARo5C7grM3hP3UL9QPbOSZ6KgT2vGhxEuYRoioBsHszSv2:XlD5CZx3UL9+bOXKyf/iQsH4Sv2

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Condition.Pdf_____________________________________________________________.exe
- Size
  
  193KB
- MD5
  
  30e0b36b2d521349158517b34d4acd78
- SHA1
  
  cd42b3395aa69071e9b60bd6760c356ec91478ee
- SHA256
  
  5578d702c7fd246e11f71c4edb27b316ca267c6161effab324c9f6e6260bc9e5
- SHA512
  
  ead402fd51d9438d94019d5311e6a82b550e436a30df107a5d78b3a83ef89730a9250c8f5b1f5ba1e77373d94cc8d432ffa3f5d9e3ebb2c813dcb8e1be552722
- SSDEEP
  
  3072:9DsjAbUHwEHnhP3UL9QPbOSp6KgT2vGagCJK51YinXp:9DmAAHtx3UL9+bOVKqCJK5mi5
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan