Overview

overview

9

Static

static

Responder....__.exe

windows7-x64

9

Responder....__.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92f668c87333149798e88fd701a6ed3258985363db0043f30e530a30b3350f98

  • Size

    234KB

  • Sample

    221128-cnxnvacc3x

  • MD5

    41ac58cad20d1aa2ce1c90b3305d9ab6

  • SHA1

    101da6dc9a9f041e2c2ac644c9e243bed709b703

  • SHA256

    92f668c87333149798e88fd701a6ed3258985363db0043f30e530a30b3350f98

  • SHA512

    324e4d56ccb8c4f26b3ca042d84b255e3435d60cfdfb5b03b11b5abd07c943bdab477f4106774168a64c261cb04ad3be55bb83e37d8e1c5a9cfbdfccde7860cb

  • SSDEEP

    6144:401T7HfzhdMX0KrnBUMFmQXTLpnJ6LCoEh5U3fXy:40Xft+XtrnGQfKCZd

Score
9/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Responder.Pdf _____________________________________________________________.exe

    • Size

      296KB

    • MD5

      931a3a162c8a16c141d12fa0b1c36509

    • SHA1

      11b55d6a5a40dcee509da0e4c8cc96a353e6e35f

    • SHA256

      a033bc4bd6ef532bf15c06c0be8a5d0632cae01002abc5822659170285660499

    • SHA512

      72223e21d8d8aa128c17403d23822d9d5dea1e581d79e6929110fa4103453960c721990c6ce1f05cc6fe5e90ccbbc967cc1a4a890b6d1f94ec77ebcffac3e5a0

    • SSDEEP

      6144:cfSb2QKX6KRvqDsQBYVndvPabiSHaUPpavnElI:cfw7KZgKndvYPpav3

    Score
    9/10
    evasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks