b6555a8d62f03786498e06b1f673a3350fd83e374055cd91f3d99bf5873c594b | Triage

Sharing

General

Target

b6555a8d62f03786498e06b1f673a3350fd83e374055cd91f3d99bf5873c594b
Size

129KB
Sample

221128-e3j3eaef47
MD5

d77fe688327ca995e2fd98e557f67772
SHA1

12f451246e98e18418bbed8df55d847eb2d96222
SHA256

b6555a8d62f03786498e06b1f673a3350fd83e374055cd91f3d99bf5873c594b
SHA512

47ccdc9d2375c40b6714d6a0aead86c5678e5dd00c2bb1484e1d7e0786126846a743ed51182d31133e2964bebf16bfa40f312761c1cfc26160e22e27fef26aea
SSDEEP

3072:B7RC+zd/EtzAAJ1rVAgCQXopj4B6SVqCgQfBUnPy8L66iiSM:B7JdEt8ATrdCQ4pj4B6SVqCgQfBUPy8S

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  b6555a8d62f03786498e06b1f673a3350fd83e374055cd91f3d99bf5873c594b
- Size
  
  129KB
- MD5
  
  d77fe688327ca995e2fd98e557f67772
- SHA1
  
  12f451246e98e18418bbed8df55d847eb2d96222
- SHA256
  
  b6555a8d62f03786498e06b1f673a3350fd83e374055cd91f3d99bf5873c594b
- SHA512
  
  47ccdc9d2375c40b6714d6a0aead86c5678e5dd00c2bb1484e1d7e0786126846a743ed51182d31133e2964bebf16bfa40f312761c1cfc26160e22e27fef26aea
- SSDEEP
  
  3072:B7RC+zd/EtzAAJ1rVAgCQXopj4B6SVqCgQfBUnPy8L66iiSM:B7JdEt8ATrdCQ4pj4B6SVqCgQfBUPy8S
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2