8aae7f0575d68d4070b66bb528c3e4f4270a09156c00989fe25609c7b519a76d | Triage

Sharing

General

Target

8aae7f0575d68d4070b66bb528c3e4f4270a09156c00989fe25609c7b519a76d
Size

352KB
Sample

221128-e3c9vsaf7t
MD5

b4de54b35be567dccdb82bdd68ee2e65
SHA1

2bd1c9fa438584b9305cd08f7b81c3b02eb9bfdc
SHA256

8aae7f0575d68d4070b66bb528c3e4f4270a09156c00989fe25609c7b519a76d
SHA512

8d5a2128d10061572550ca3af95e04af04b3149af64306aa2044c23772651054e010ad9a3b6ffc6103bcde5c934abb00f81f74dc819292be888652f41da1124c
SSDEEP

6144:Ii7FhAd2I4+zdGDSkKstgehkB2bNlHRQp1SKjrU8C:nFmdH4adGDSkl9/87

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  8aae7f0575d68d4070b66bb528c3e4f4270a09156c00989fe25609c7b519a76d
- Size
  
  352KB
- MD5
  
  b4de54b35be567dccdb82bdd68ee2e65
- SHA1
  
  2bd1c9fa438584b9305cd08f7b81c3b02eb9bfdc
- SHA256
  
  8aae7f0575d68d4070b66bb528c3e4f4270a09156c00989fe25609c7b519a76d
- SHA512
  
  8d5a2128d10061572550ca3af95e04af04b3149af64306aa2044c23772651054e010ad9a3b6ffc6103bcde5c934abb00f81f74dc819292be888652f41da1124c
- SSDEEP
  
  6144:Ii7FhAd2I4+zdGDSkKstgehkB2bNlHRQp1SKjrU8C:nFmdH4adGDSkl9/87
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2