c5ae1b9cafaeb836145bf56a7b63029398779f703d8872bb93563791830db3b5 | Triage

Sharing

General

Target

c5ae1b9cafaeb836145bf56a7b63029398779f703d8872bb93563791830db3b5
Size

769KB
Sample

221128-e2re4aee78
MD5

74bef16e3abdf32b2f9dddf7fc5b94f3
SHA1

295042c167b278733b10b8f7ba1cb939bff3cb38
SHA256

c5ae1b9cafaeb836145bf56a7b63029398779f703d8872bb93563791830db3b5
SHA512

6427d80196e1673f0fef1ff2e3b1737554ec7bae4ce0de7587ba1bc01e94fcdaabb539ad07420edaefbd5141bbf67aee3e8a05e9ec38a8cba30d4875f34e72f2
SSDEEP

12288:i++pDu9YrDQKiXEfiVzhY1Iys0P9ckDveteS3HSo+XX73QcFW+I1GKhfaNtR:iz0sDNiUfiPgI91kDveYOHSo+nfI1Pw/

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  c5ae1b9cafaeb836145bf56a7b63029398779f703d8872bb93563791830db3b5
- Size
  
  769KB
- MD5
  
  74bef16e3abdf32b2f9dddf7fc5b94f3
- SHA1
  
  295042c167b278733b10b8f7ba1cb939bff3cb38
- SHA256
  
  c5ae1b9cafaeb836145bf56a7b63029398779f703d8872bb93563791830db3b5
- SHA512
  
  6427d80196e1673f0fef1ff2e3b1737554ec7bae4ce0de7587ba1bc01e94fcdaabb539ad07420edaefbd5141bbf67aee3e8a05e9ec38a8cba30d4875f34e72f2
- SSDEEP
  
  12288:i++pDu9YrDQKiXEfiVzhY1Iys0P9ckDveteS3HSo+XX73QcFW+I1GKhfaNtR:iz0sDNiUfiPgI91kDveYOHSo+nfI1Pw/
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan