e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c | Triage

Sharing

General

Target

e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c
Size

773KB
Sample

221128-e2qhssaf3v
MD5

48fc525c80aea2a073b4e16f4a98646b
SHA1

aac1555af284530a0072a0a4caa8e55231f35427
SHA256

e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c
SHA512

8baecb449ecb48431cd5cfaf4d3b5b22b4e4f13e4b0d98fef74fa8e3149c6c737214c23b21ff69290ac5bdc90f0905e221c9fe43d32b3cf378e057e807c8bd71
SSDEEP

24576:DI0sDNiUfiPgI91k4geYZF2HSoHvwA6PfRAcOsA0:Dq5iUU5nSeYiHSoH94fK0

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c
- Size
  
  773KB
- MD5
  
  48fc525c80aea2a073b4e16f4a98646b
- SHA1
  
  aac1555af284530a0072a0a4caa8e55231f35427
- SHA256
  
  e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c
- SHA512
  
  8baecb449ecb48431cd5cfaf4d3b5b22b4e4f13e4b0d98fef74fa8e3149c6c737214c23b21ff69290ac5bdc90f0905e221c9fe43d32b3cf378e057e807c8bd71
- SSDEEP
  
  24576:DI0sDNiUfiPgI91k4geYZF2HSoHvwA6PfRAcOsA0:Dq5iUU5nSeYiHSoH94fK0
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2