222fd3efb402cd02bd7e63295e7f9f63e351b2329b040f2f20e505ea6e9c7bad | Triage

Sharing

General

Target

222fd3efb402cd02bd7e63295e7f9f63e351b2329b040f2f20e505ea6e9c7bad
Size

462KB
Sample

221128-cpqa6agb76
MD5

8b638a770dda18903114ebe39badcd98
SHA1

30f45f51316e8529148c3d80656da026b8306485
SHA256

222fd3efb402cd02bd7e63295e7f9f63e351b2329b040f2f20e505ea6e9c7bad
SHA512

e0a7a25ce7fddeba6ed07f09c5b13c5a78b6c483d775e0e4237b469a6e4c9e0c653364178637dbaa63942b95c11b22ee253b8d86fb2fcef33a7a9e62c2eac0b9
SSDEEP

6144:pi4LrqCFyLEYK2P1VanQ2caCjJXF/j/IMGK/EeD71wlTZF5558cF0I:pLvvIL1CCFXF/P7j7aTDDqcFX

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  222fd3efb402cd02bd7e63295e7f9f63e351b2329b040f2f20e505ea6e9c7bad
- Size
  
  462KB
- MD5
  
  8b638a770dda18903114ebe39badcd98
- SHA1
  
  30f45f51316e8529148c3d80656da026b8306485
- SHA256
  
  222fd3efb402cd02bd7e63295e7f9f63e351b2329b040f2f20e505ea6e9c7bad
- SHA512
  
  e0a7a25ce7fddeba6ed07f09c5b13c5a78b6c483d775e0e4237b469a6e4c9e0c653364178637dbaa63942b95c11b22ee253b8d86fb2fcef33a7a9e62c2eac0b9
- SSDEEP
  
  6144:pi4LrqCFyLEYK2P1VanQ2caCjJXF/j/IMGK/EeD71wlTZF5558cF0I:pLvvIL1CCFXF/P7j7aTDDqcFX
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2