4f60e0c2fc72ccd0d3daec562d158884ef4110c215c873c440fc10f8d0593773 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f60e0c2fc72ccd0d3daec562d158884ef4110c215c873c440fc10f8d0593773
Size

363KB
Sample

221222-lbszkahd5v
MD5

54919e1bd37c6431b3b1b8b6d53aabfe
SHA1

c2327bab84fa0d55cc23ee5006c83f0a6dc53e4c
SHA256

4f60e0c2fc72ccd0d3daec562d158884ef4110c215c873c440fc10f8d0593773
SHA512

9b1d07e28cc63075748d42c2afdac6f55332d35dcd791c93ecfbe73d5868c3fbc84558f0778358e576babb955210b4fc79a263fa703009ed247391ccc3790722
SSDEEP

6144:5aPIWVeTdJKsLxgcSNDQL5Q9VuwLmh0kdH371oe:5uTs1gBpQL5kmh0671oe

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  4f60e0c2fc72ccd0d3daec562d158884ef4110c215c873c440fc10f8d0593773
- Size
  
  363KB
- MD5
  
  54919e1bd37c6431b3b1b8b6d53aabfe
- SHA1
  
  c2327bab84fa0d55cc23ee5006c83f0a6dc53e4c
- SHA256
  
  4f60e0c2fc72ccd0d3daec562d158884ef4110c215c873c440fc10f8d0593773
- SHA512
  
  9b1d07e28cc63075748d42c2afdac6f55332d35dcd791c93ecfbe73d5868c3fbc84558f0778358e576babb955210b4fc79a263fa703009ed247391ccc3790722
- SSDEEP
  
  6144:5aPIWVeTdJKsLxgcSNDQL5Q9VuwLmh0kdH371oe:5uTs1gBpQL5kmh0671oe
Score

8^/10

persistence ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware