royal | 5a805633a81b70c478b164a6057d5df41af974626620d9afb1b1a35df73a3730 | Triage

Sharing

General

Target

221124-vwk9wscd91_pw_infected.zip
Size

1.3MB
Sample

230124-rmvv7adf5v
MD5

d6593c0f3be711e36f37ef57f2f05cea
SHA1

5a62c967d72436af3423a3722845a04bab379f48
SHA256

5a805633a81b70c478b164a6057d5df41af974626620d9afb1b1a35df73a3730
SHA512

e5f1049f68b75637ff1616684afc13ecaa511d3a1b7431502f609733ac85d906206c04aac7566fd7fa17b03bf57904fad92f02f82f3c4e0e156ea43f4db7d0d6
SSDEEP

24576:mlOW2i8wFWAlI70hsO9bfOTQ3SoOwmDkYzywyurcJG6Yapgcm4V:RWGsWA6BO9TdSHwXERcL0RU

Score

10^/10

royal ransomware

Malware Config

Targets

- Target
  
  f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
- Size
  
  2.9MB
- MD5
  
  df0b88dafe7a65295f99e69a67db9e1b
- SHA1
  
  db3163a09eb33ff4370ad162a05f4b2584a20456
- SHA256
  
  f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429
- SHA512
  
  2206969d222882dd8b7e3e5671311462266277d699e08e3016a7b3781b17390e8dd11956d8aaecae996a2c16227d7b2390eb84b9b8df26e39ffe8f38d5b76fbd
- SSDEEP
  
  49152:cDVwASOLGtlqrRIU6i9+vazNqQlJZP1BMU2thA8mNtNCiJlrRUFcJ7HIPcLzkw5c:wm+GaNqqJJ12vlZol8cJ7rc3
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

ransomwareroyal

behavioral1

behavioral2