99cf5f08b0933da8a5785c8e8695e6afcc4975d56e986ed162ad1c9e6ec6f010 | Triage

Sharing

General

Target

99cf5f08b0933da8a5785c8e8695e6afcc4975d56e986ed162ad1c9e6ec6f010
Size

129KB
Sample

221128-e3kc6sef49
MD5

b05827b477d68c75ec09dd9c069efc25
SHA1

4a79ff851f0f88f0da4c78e73f6096534c3774d7
SHA256

99cf5f08b0933da8a5785c8e8695e6afcc4975d56e986ed162ad1c9e6ec6f010
SHA512

5d0420200c12ab9fab997da36b28eda51342fc4dc0bb1607dd2aa56e20df808d7d0ea36f1fd7382768a56ab5c1e3f6504032a353dcedb46f9cd1a4ead1a7bcf5
SSDEEP

3072:rhR98zd/EtzAAa1roAl4bI+m/B6SVqCgQfBUnPy8L66iiSM:rhodEt8AMrmI+m/B6SVqCgQfBUPy8L6H

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  99cf5f08b0933da8a5785c8e8695e6afcc4975d56e986ed162ad1c9e6ec6f010
- Size
  
  129KB
- MD5
  
  b05827b477d68c75ec09dd9c069efc25
- SHA1
  
  4a79ff851f0f88f0da4c78e73f6096534c3774d7
- SHA256
  
  99cf5f08b0933da8a5785c8e8695e6afcc4975d56e986ed162ad1c9e6ec6f010
- SHA512
  
  5d0420200c12ab9fab997da36b28eda51342fc4dc0bb1607dd2aa56e20df808d7d0ea36f1fd7382768a56ab5c1e3f6504032a353dcedb46f9cd1a4ead1a7bcf5
- SSDEEP
  
  3072:rhR98zd/EtzAAa1roAl4bI+m/B6SVqCgQfBUnPy8L66iiSM:rhodEt8AMrmI+m/B6SVqCgQfBUPy8L6H
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2