b1c4460b9967985862e8998c1cceba8424f023c0eb5ca6163d7b9b54b41f38ad | Triage

Sharing

General

Target

b1c4460b9967985862e8998c1cceba8424f023c0eb5ca6163d7b9b54b41f38ad
Size

630KB
Sample

221128-eas5lsgd7s
MD5

9662f36fb3bcd1ad2614a8c00915db6c
SHA1

a890da3e998872f7235c163e1351619267066433
SHA256

b1c4460b9967985862e8998c1cceba8424f023c0eb5ca6163d7b9b54b41f38ad
SHA512

412b0783618b7e0a3c1671f07b301465b052cc809d8c7d18bf9b9cd0492c4b13937bc5038a746444a467ebd99a0de8d1e6897f96e71fe3fe5d05c9e664cea225
SSDEEP

12288:NKHO5cPTJlu3NOuCxV67lbMAGUyxHSoeZwLyai/WjXHMObw4D:NaOsWQ7IlgdHSoeZHWjXMW

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  b1c4460b9967985862e8998c1cceba8424f023c0eb5ca6163d7b9b54b41f38ad
- Size
  
  630KB
- MD5
  
  9662f36fb3bcd1ad2614a8c00915db6c
- SHA1
  
  a890da3e998872f7235c163e1351619267066433
- SHA256
  
  b1c4460b9967985862e8998c1cceba8424f023c0eb5ca6163d7b9b54b41f38ad
- SHA512
  
  412b0783618b7e0a3c1671f07b301465b052cc809d8c7d18bf9b9cd0492c4b13937bc5038a746444a467ebd99a0de8d1e6897f96e71fe3fe5d05c9e664cea225
- SSDEEP
  
  12288:NKHO5cPTJlu3NOuCxV67lbMAGUyxHSoeZwLyai/WjXHMObw4D:NaOsWQ7IlgdHSoeZHWjXMW
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan