bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705 | Triage

Resubmissions

16-03-2023 09:24

230316-ldhxdaab62 10

16-03-2023 09:12

230316-k56l3sab26 10

30-01-2023 14:58

230130-sb9ewaag73 9

30-01-2023 14:44

230130-r4m7nscd8s 9

13-01-2023 09:23

230113-lcgmxsfh22 9

Sharing

General

Target

Roseland.bin
Size

807KB
Sample

230130-sb9ewaag73
MD5

19944159dfa94a1b75effd85e6b906dc
SHA1

250acf87366f4c0cf91679a0e93dfc79954f0f10
SHA256

bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705
SHA512

c791840f59c2fc906c197c43e0e1717b9504cf46177a3688ecbd4937cdbf95349d68cc1e63649b85f02df4e6990c4df4756dd8267b062ea5271dd61fc3e508b0
SSDEEP

12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA7:u4s+oT+NXBLi0rjFXvyHBlbnCZa8

Score

9^/10

evasion ransomware

Malware Config

Targets

- Target
  
  Roseland.bin
- Size
  
  807KB
- MD5
  
  19944159dfa94a1b75effd85e6b906dc
- SHA1
  
  250acf87366f4c0cf91679a0e93dfc79954f0f10
- SHA256
  
  bff12a83b1fc2e0ad0000ad9b68abc8eada559bb1094caaf5b9f52887df23705
- SHA512
  
  c791840f59c2fc906c197c43e0e1717b9504cf46177a3688ecbd4937cdbf95349d68cc1e63649b85f02df4e6990c4df4756dd8267b062ea5271dd61fc3e508b0
- SSDEEP
  
  12288:0Z4s3rg9u/2/oT+NXtHLlP/O+OeO+OeNhBBhhBBAtHg9rjI+LXJ0ivlzkHBDsYA7:u4s+oT+NXBLi0rjFXvyHBlbnCZa8
Score

9^/10

evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware