8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e | Triage

Sharing

General

Target

8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e
Size

765KB
Sample

221128-e2vgraaf4s
MD5

54a6d762039fd77d11669ca5ee10f56f
SHA1

3f2b17cbe9a5291d8f14f9359113bf7f59ea13ba
SHA256

8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e
SHA512

44fe379e68cdbac584d33589859ca65791640e1a013dbc92bb770ede63f95841ddb2e76f7616f2736417c8b8ad040ce3cebbd669882a7e88a1e1c09d65f789de
SSDEEP

12288:oV+pDu9YrDQKiXEfiVzhY1Iys0P9ck4gete0bKSctHSoHvVn6eVijzFME4fmUReH:oI0sDNiUfiPgI91k4geY2F2HSoHvB6cs

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e
- Size
  
  765KB
- MD5
  
  54a6d762039fd77d11669ca5ee10f56f
- SHA1
  
  3f2b17cbe9a5291d8f14f9359113bf7f59ea13ba
- SHA256
  
  8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e
- SHA512
  
  44fe379e68cdbac584d33589859ca65791640e1a013dbc92bb770ede63f95841ddb2e76f7616f2736417c8b8ad040ce3cebbd669882a7e88a1e1c09d65f789de
- SSDEEP
  
  12288:oV+pDu9YrDQKiXEfiVzhY1Iys0P9ck4gete0bKSctHSoHvVn6eVijzFME4fmUReH:oI0sDNiUfiPgI91k4geY2F2HSoHvB6cs
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2