4b20937d2f09872bdb78359d0df30b554d514c7f2df07c4026f99c859b09d1f1 | Triage

Sharing

General

Target

4b20937d2f09872bdb78359d0df30b554d514c7f2df07c4026f99c859b09d1f1
Size

766KB
Sample

221128-e2zfpsee88
MD5

9b1da810487cdcb458d46f394f561fdb
SHA1

b8fbf9babf7182cf7dd1e6039e4c2a072a4df70c
SHA256

4b20937d2f09872bdb78359d0df30b554d514c7f2df07c4026f99c859b09d1f1
SHA512

babbecf43d00e1cfe58b9b3d2895993624e62f136178f64616f43e49c1006dc9d64d6e2dcfa3b88434ad9b9790270aa063236deaaf92022d8b3ebeaa42efd7fc
SSDEEP

12288:CH+pDu9YrDQKiXEfiVzhY1Iys0P9ckgveteiZLnfHSoGKmeVd8kyBwvBH4JVJ:Ce0sDNiUfiPgI91kgveYAHSoGoWeOVJ

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  4b20937d2f09872bdb78359d0df30b554d514c7f2df07c4026f99c859b09d1f1
- Size
  
  766KB
- MD5
  
  9b1da810487cdcb458d46f394f561fdb
- SHA1
  
  b8fbf9babf7182cf7dd1e6039e4c2a072a4df70c
- SHA256
  
  4b20937d2f09872bdb78359d0df30b554d514c7f2df07c4026f99c859b09d1f1
- SHA512
  
  babbecf43d00e1cfe58b9b3d2895993624e62f136178f64616f43e49c1006dc9d64d6e2dcfa3b88434ad9b9790270aa063236deaaf92022d8b3ebeaa42efd7fc
- SSDEEP
  
  12288:CH+pDu9YrDQKiXEfiVzhY1Iys0P9ckgveteiZLnfHSoGKmeVd8kyBwvBH4JVJ:Ce0sDNiUfiPgI91kgveYAHSoGoWeOVJ
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan