605116c6b8a84efa4e25bd42f75ee8f88e02f7cff895fb434a55ce9ddfc9b710 | Triage

Sharing

General

Target

605116c6b8a84efa4e25bd42f75ee8f88e02f7cff895fb434a55ce9ddfc9b710
Size

316KB
Sample

221128-kdkkjahg96
MD5

6a60a270addbfad002914e5a5bc5ef0e
SHA1

510b3203b1a7f0385cda3bc2aa7e7d53c9168f6b
SHA256

605116c6b8a84efa4e25bd42f75ee8f88e02f7cff895fb434a55ce9ddfc9b710
SHA512

6efc8826704c98d49316a0d5b45927933a5d44d428d9ede192acea11662cb8cec0811eefdd6e4e534e4445c6f0fc572232e0696947c6871d91abc81f8fe937ef
SSDEEP

6144:O3UhrPPvuEQo0PwM2by87ts+c5/IYHdp8G/:O3czuEQYMOv5R0/IYHL8G/

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  605116c6b8a84efa4e25bd42f75ee8f88e02f7cff895fb434a55ce9ddfc9b710
- Size
  
  316KB
- MD5
  
  6a60a270addbfad002914e5a5bc5ef0e
- SHA1
  
  510b3203b1a7f0385cda3bc2aa7e7d53c9168f6b
- SHA256
  
  605116c6b8a84efa4e25bd42f75ee8f88e02f7cff895fb434a55ce9ddfc9b710
- SHA512
  
  6efc8826704c98d49316a0d5b45927933a5d44d428d9ede192acea11662cb8cec0811eefdd6e4e534e4445c6f0fc572232e0696947c6871d91abc81f8fe937ef
- SSDEEP
  
  6144:O3UhrPPvuEQo0PwM2by87ts+c5/IYHdp8G/:O3czuEQYMOv5R0/IYHL8G/
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2