fe272a2ef8fdac9d65b0140594854b840ecdf9a5f409ca84bc5367fe63ca3dbc | Triage

Sharing

General

Target

fe272a2ef8fdac9d65b0140594854b840ecdf9a5f409ca84bc5367fe63ca3dbc
Size

234KB
Sample

221128-cntbescc2y
MD5

8e172f4d3ff3aa7d279cc586af1e88f7
SHA1

f4bfecdd842409daaaaebe38f946dbaf4e3e396c
SHA256

fe272a2ef8fdac9d65b0140594854b840ecdf9a5f409ca84bc5367fe63ca3dbc
SHA512

c1db9b11e1919591b2c4e6296d34bd5ffeab4de97de82213269d517caffcc4a4b25860dc356f60ec3f3a46d289da33afde4c7ccd93f9dc51634f8d34444598ce
SSDEEP

6144:401T7HfzhdMX0KrnBUMFmQXTLpnJ6LCoEh5U3fXO:40Xft+XtrnGQfKCZF

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Informe.Pdf _____________________________________________________________.exe
- Size
  
  296KB
- MD5
  
  931a3a162c8a16c141d12fa0b1c36509
- SHA1
  
  11b55d6a5a40dcee509da0e4c8cc96a353e6e35f
- SHA256
  
  a033bc4bd6ef532bf15c06c0be8a5d0632cae01002abc5822659170285660499
- SHA512
  
  72223e21d8d8aa128c17403d23822d9d5dea1e581d79e6929110fa4103453960c721990c6ce1f05cc6fe5e90ccbbc967cc1a4a890b6d1f94ec77ebcffac3e5a0
- SSDEEP
  
  6144:cfSb2QKX6KRvqDsQBYVndvPabiSHaUPpavnElI:cfw7KZgKndvYPpav3
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan