f3611eb6f213a168855a0d8cfd0711920b3c643e054b6b0c9779bdd229412208 | Triage

Sharing

General

Target

f3611eb6f213a168855a0d8cfd0711920b3c643e054b6b0c9779bdd229412208
Size

469KB
Sample

221128-jslwgagc24
MD5

362479f2bf81adb0231c5d608ddae80d
SHA1

efc926d62a7350349a62d85bb45d206054497be7
SHA256

f3611eb6f213a168855a0d8cfd0711920b3c643e054b6b0c9779bdd229412208
SHA512

df5f14976ba3fb0d40ed8cfdc96f0b9f0520f1138f9143f12af275607f16b4b42e51108aff01fad234615fdf949c1c548b2813e39e4cc06634ee68e9eb8a7b5d
SSDEEP

6144:bi0LrqaFy7EZK2P1QTcyPa8v1v36WuRty0B/pBcbrWu:b3v3I78DMVB6VxhSPWu

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  f3611eb6f213a168855a0d8cfd0711920b3c643e054b6b0c9779bdd229412208
- Size
  
  469KB
- MD5
  
  362479f2bf81adb0231c5d608ddae80d
- SHA1
  
  efc926d62a7350349a62d85bb45d206054497be7
- SHA256
  
  f3611eb6f213a168855a0d8cfd0711920b3c643e054b6b0c9779bdd229412208
- SHA512
  
  df5f14976ba3fb0d40ed8cfdc96f0b9f0520f1138f9143f12af275607f16b4b42e51108aff01fad234615fdf949c1c548b2813e39e4cc06634ee68e9eb8a7b5d
- SSDEEP
  
  6144:bi0LrqaFy7EZK2P1QTcyPa8v1v36WuRty0B/pBcbrWu:b3v3I78DMVB6VxhSPWu
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2