ec07de066b60552dcd3a9abfab35d3afb300122fb346750aba618dab059bfa23 | Triage

Sharing

General

Target

ec07de066b60552dcd3a9abfab35d3afb300122fb346750aba618dab059bfa23
Size

253KB
Sample

221128-jwyz7sge42
MD5

ca52ca2061304bcb88c932b1b28c0332
SHA1

93f3261590daf4b8d588cba095d55045820d1414
SHA256

ec07de066b60552dcd3a9abfab35d3afb300122fb346750aba618dab059bfa23
SHA512

3f1395e13567f25ecc60913a4e5ab459c39e8ce9cc2122e66cc1ce646b4197cd5e6f1049a78cdc1488bd3808f018f3c42c16175c5554e046b703a1ead8cab750
SSDEEP

6144:oFiLGLdtaJip+TI5FQZwgpR+tEJjJ/yDb4QmfKMLj2Y:DLGBtaJlc5RgitE51yf4QmfKQ

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  MensajePdf_____________________________________________________________.exe
- Size
  
  313KB
- MD5
  
  97b0a298b70cbb33056e43cd3360a096
- SHA1
  
  a6ccdae016b8330c0ff44a694b44108f37eea595
- SHA256
  
  78167371bd593b20a32902f0e3182d892b047521a1185904305671b6bafd51ab
- SHA512
  
  89c7e317b11579e636aa07b3e50d110ec23f0d5e10fedf90543f1d9ca291871ea7337c7adfeef49377eaaa7ec607f05103ee339495a39a49533fbee2014f4f1a
- SSDEEP
  
  6144:l24g1A0OvpVXJ8Q0T2c/H+csQMxnw9OoteG7qIEjp/4UQ1Ms:84g1A0OvDJI2c3sQNIotjup91
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan