2db5784ab2bfd988502681bc81aac5b1d4ba1b7dffaf91b41c473bcd32f7ffaf | Triage

Sharing

General

Target

2db5784ab2bfd988502681bc81aac5b1d4ba1b7dffaf91b41c473bcd32f7ffaf
Size

748KB
Sample

221128-drf1yaah77
MD5

b9fbd44ae4bb503fa7d6e919c1e05dbf
SHA1

e387433d6a0d855c76315b3bf153f89fbdef5d60
SHA256

2db5784ab2bfd988502681bc81aac5b1d4ba1b7dffaf91b41c473bcd32f7ffaf
SHA512

b92515ebe4eb2b1cd14eda6e08df7b9e7e35f53b34a9707dd437290ad80f20c4fa985231d762a082323b01c1326ab55cd38cb48cb0571b43176ed3b5814d374f
SSDEEP

12288:9dp8fcP7cG9CZmSqKd89MP7qIKVYBXQHSo+eJoxG+wzBZARFeT:t8qbfwd8WPObVRHSo+0MGrBmQT

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  2db5784ab2bfd988502681bc81aac5b1d4ba1b7dffaf91b41c473bcd32f7ffaf
- Size
  
  748KB
- MD5
  
  b9fbd44ae4bb503fa7d6e919c1e05dbf
- SHA1
  
  e387433d6a0d855c76315b3bf153f89fbdef5d60
- SHA256
  
  2db5784ab2bfd988502681bc81aac5b1d4ba1b7dffaf91b41c473bcd32f7ffaf
- SHA512
  
  b92515ebe4eb2b1cd14eda6e08df7b9e7e35f53b34a9707dd437290ad80f20c4fa985231d762a082323b01c1326ab55cd38cb48cb0571b43176ed3b5814d374f
- SSDEEP
  
  12288:9dp8fcP7cG9CZmSqKd89MP7qIKVYBXQHSo+eJoxG+wzBZARFeT:t8qbfwd8WPObVRHSo+0MGrBmQT
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan