97f915ea23eb08cb0a18530f30430afc467bb080108d9ea2176112a1f6b82765 | Triage

Sharing

General

Target

97f915ea23eb08cb0a18530f30430afc467bb080108d9ea2176112a1f6b82765
Size

751KB
Sample

221128-dgjzvaeb8x
MD5

e816523edffe416951891844664d86b7
SHA1

70c40d808b31f3ea8d046b40871c2a4b0b8d934f
SHA256

97f915ea23eb08cb0a18530f30430afc467bb080108d9ea2176112a1f6b82765
SHA512

1bebea85411be5c8ee99ebecc000a9f45f87c7ba088dac3467745e9eb27898d38252baa7ee717ee4817a0d38914920dbd65f140e11ebf42c1edaa538a3ff1d2c
SSDEEP

12288:4dp8fcP7cG9CZmSqKd89MP7qIKVmBXQHSo+nTyAZNoZwWjeLj9XJYi39ykB:08qbfwd8WPObVPHSo+nNoZwWjIj9Gi3x

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  97f915ea23eb08cb0a18530f30430afc467bb080108d9ea2176112a1f6b82765
- Size
  
  751KB
- MD5
  
  e816523edffe416951891844664d86b7
- SHA1
  
  70c40d808b31f3ea8d046b40871c2a4b0b8d934f
- SHA256
  
  97f915ea23eb08cb0a18530f30430afc467bb080108d9ea2176112a1f6b82765
- SHA512
  
  1bebea85411be5c8ee99ebecc000a9f45f87c7ba088dac3467745e9eb27898d38252baa7ee717ee4817a0d38914920dbd65f140e11ebf42c1edaa538a3ff1d2c
- SSDEEP
  
  12288:4dp8fcP7cG9CZmSqKd89MP7qIKVmBXQHSo+nTyAZNoZwWjeLj9XJYi39ykB:08qbfwd8WPObVPHSo+nNoZwWjIj9Gi3x
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan