713a40b65196c410d81dfc1f3a25e23e6f6c96feda41fe81bbc78e7385e3d5ea | Triage

Sharing

General

Target

713a40b65196c410d81dfc1f3a25e23e6f6c96feda41fe81bbc78e7385e3d5ea
Size

739KB
Sample

221128-dk6ysaee5t
MD5

4672c11098866a580e6c893d4a58cf67
SHA1

9bb461e25e7e45e17377c6a88c8dd0c9bbd699e7
SHA256

713a40b65196c410d81dfc1f3a25e23e6f6c96feda41fe81bbc78e7385e3d5ea
SHA512

a89055eabe000322a7022c27bf95e9582c01a50c1201731d8c583ecdad91cc4b78748fd95389b26408abf22e071c1d6256f7db63a47eb3ebafbd544e589ea798
SSDEEP

12288:5sp8fcP7cG9CZmSqKd89MP7BIKVfEf0HSo+/xC0v3e/ki:e8qbfwd8WPlbV60HSo+/x9e/ki

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  713a40b65196c410d81dfc1f3a25e23e6f6c96feda41fe81bbc78e7385e3d5ea
- Size
  
  739KB
- MD5
  
  4672c11098866a580e6c893d4a58cf67
- SHA1
  
  9bb461e25e7e45e17377c6a88c8dd0c9bbd699e7
- SHA256
  
  713a40b65196c410d81dfc1f3a25e23e6f6c96feda41fe81bbc78e7385e3d5ea
- SHA512
  
  a89055eabe000322a7022c27bf95e9582c01a50c1201731d8c583ecdad91cc4b78748fd95389b26408abf22e071c1d6256f7db63a47eb3ebafbd544e589ea798
- SSDEEP
  
  12288:5sp8fcP7cG9CZmSqKd89MP7BIKVfEf0HSo+/xC0v3e/ki:e8qbfwd8WPlbV60HSo+/x9e/ki
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan