2c24e2ea9dd67a5e72971185c262d2565a60ee90bbe731d5b25b21bbbf70b213 | Triage

Sharing

General

Target

2c24e2ea9dd67a5e72971185c262d2565a60ee90bbe731d5b25b21bbbf70b213
Size

129KB
Sample

221128-e3kzpsef52
MD5

8b9761ee9ec7bed04d40900ba31f1cc8
SHA1

6e9d2ac90b7548eb7c2577a4463e496795941a99
SHA256

2c24e2ea9dd67a5e72971185c262d2565a60ee90bbe731d5b25b21bbbf70b213
SHA512

6a6b4767e341c15117fd817783b705f4ff8a0e4d8aef4d1f4cef8e5ca1124711e7ed5a08b21407a468c3a2cc7b766ac0a1dd5b840298c558a78798760c1c557c
SSDEEP

3072:6hRx8zd/EtzAAa1roAl4bI+m/B6SVqCgQfBUnPy8L66iiSM:6hkdEt8AMrmI+m/B6SVqCgQfBUPy8L6H

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  2c24e2ea9dd67a5e72971185c262d2565a60ee90bbe731d5b25b21bbbf70b213
- Size
  
  129KB
- MD5
  
  8b9761ee9ec7bed04d40900ba31f1cc8
- SHA1
  
  6e9d2ac90b7548eb7c2577a4463e496795941a99
- SHA256
  
  2c24e2ea9dd67a5e72971185c262d2565a60ee90bbe731d5b25b21bbbf70b213
- SHA512
  
  6a6b4767e341c15117fd817783b705f4ff8a0e4d8aef4d1f4cef8e5ca1124711e7ed5a08b21407a468c3a2cc7b766ac0a1dd5b840298c558a78798760c1c557c
- SSDEEP
  
  3072:6hRx8zd/EtzAAa1roAl4bI+m/B6SVqCgQfBUnPy8L66iiSM:6hkdEt8AMrmI+m/B6SVqCgQfBUPy8L6H
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2