942d08625abb07ad3007839d737192a9180468f1475d89888874f55f1300946d | Triage

Sharing

General

Target

942d08625abb07ad3007839d737192a9180468f1475d89888874f55f1300946d
Size

28KB
Sample

221128-gmylzaeh5t
MD5

0fb7c8f601dfbefcd3ba68aad2916f23
SHA1

585ac765b1e32029760ce12c8dbc610a155d6f0d
SHA256

942d08625abb07ad3007839d737192a9180468f1475d89888874f55f1300946d
SHA512

1f2c9631a03a51f733f6563e4afc6e20eec6a69a3630f002e075384b9e304a145963f0cc0078974be56cd1738930b61ddc1b718c56ae8402372f0ef0758a3c6b
SSDEEP

384:7VxT5T8TckZUSPxuEUi0ZbQzZrf6+MLv5lY644ozgz65qk3Vq/EUkx87t2Qj:XFLkBxuEp0WzZrfZNdpO6lVqMrxUgQj

Score

6^/10

persistence ransomware

Malware Config

Targets

- Target
  
  942d08625abb07ad3007839d737192a9180468f1475d89888874f55f1300946d
- Size
  
  28KB
- MD5
  
  0fb7c8f601dfbefcd3ba68aad2916f23
- SHA1
  
  585ac765b1e32029760ce12c8dbc610a155d6f0d
- SHA256
  
  942d08625abb07ad3007839d737192a9180468f1475d89888874f55f1300946d
- SHA512
  
  1f2c9631a03a51f733f6563e4afc6e20eec6a69a3630f002e075384b9e304a145963f0cc0078974be56cd1738930b61ddc1b718c56ae8402372f0ef0758a3c6b
- SSDEEP
  
  384:7VxT5T8TckZUSPxuEUi0ZbQzZrf6+MLv5lY644ozgz65qk3Vq/EUkx87t2Qj:XFLkBxuEp0WzZrfZNdpO6lVqMrxUgQj
Score

6^/10

persistence ransomware
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

persistenceransomware