53f184a7bdf2b67148454207b6eb463cd01f0b4b57ed93f9b7792d1e7672b382 | Triage

Sharing

General

Target

53f184a7bdf2b67148454207b6eb463cd01f0b4b57ed93f9b7792d1e7672b382
Size

238KB
Sample

221128-g1sb4sbg35
MD5

be009e5259b220643b1299ee87924c48
SHA1

969fc0b582688127aa8cace9307dafb71f997640
SHA256

53f184a7bdf2b67148454207b6eb463cd01f0b4b57ed93f9b7792d1e7672b382
SHA512

b4b80629f80cd8d17f52132d5f77854d1399cd5a9e911a101d9d17258ff590e21c900a97efce2e3c6be40796aef1cc91ad793a5611744e77b79bacb0a8eff102
SSDEEP

3072:B5Gqpg+TLvyAGu+drHkCsyAAg0Fu1Y9tHhJXAL/kEtLCuRTLN/Bact8vfWgF9PNn:B11XCsrAOYEtBTL96aq920

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  53f184a7bdf2b67148454207b6eb463cd01f0b4b57ed93f9b7792d1e7672b382
- Size
  
  238KB
- MD5
  
  be009e5259b220643b1299ee87924c48
- SHA1
  
  969fc0b582688127aa8cace9307dafb71f997640
- SHA256
  
  53f184a7bdf2b67148454207b6eb463cd01f0b4b57ed93f9b7792d1e7672b382
- SHA512
  
  b4b80629f80cd8d17f52132d5f77854d1399cd5a9e911a101d9d17258ff590e21c900a97efce2e3c6be40796aef1cc91ad793a5611744e77b79bacb0a8eff102
- SSDEEP
  
  3072:B5Gqpg+TLvyAGu+drHkCsyAAg0Fu1Y9tHhJXAL/kEtLCuRTLN/Bact8vfWgF9PNn:B11XCsrAOYEtBTL96aq920
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2