3f7454597163393ce8192dde5b77d5c9fe37b3c75bb4aca471a862721003b6ba | Triage

Sharing

General

Target

3f7454597163393ce8192dde5b77d5c9fe37b3c75bb4aca471a862721003b6ba
Size

809KB
Sample

221128-g4b5asbh78
MD5

4ce038d79655af6937ffe506cdf53a5f
SHA1

b299f3e6794de5c7b1bcb98090ce4c5e2ddbc352
SHA256

3f7454597163393ce8192dde5b77d5c9fe37b3c75bb4aca471a862721003b6ba
SHA512

879af4836c34e53f76225f2784d683e689c81470d9a5c4608bf0d8eab33914b12b8f0253ab9b2b23dcc9afdf9105041be1b411e8c90ce2e1e374bea8b7d019b3
SSDEEP

12288:CjNTa+fyM4s90RaldjkcXkWZzDfqKonqUL9mXguHlem:WTNPj0IdMWZzDfqKonLL9mnlem

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  3f7454597163393ce8192dde5b77d5c9fe37b3c75bb4aca471a862721003b6ba
- Size
  
  809KB
- MD5
  
  4ce038d79655af6937ffe506cdf53a5f
- SHA1
  
  b299f3e6794de5c7b1bcb98090ce4c5e2ddbc352
- SHA256
  
  3f7454597163393ce8192dde5b77d5c9fe37b3c75bb4aca471a862721003b6ba
- SHA512
  
  879af4836c34e53f76225f2784d683e689c81470d9a5c4608bf0d8eab33914b12b8f0253ab9b2b23dcc9afdf9105041be1b411e8c90ce2e1e374bea8b7d019b3
- SSDEEP
  
  12288:CjNTa+fyM4s90RaldjkcXkWZzDfqKonqUL9mXguHlem:WTNPj0IdMWZzDfqKonLL9mnlem
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2