6195f07015a3408f58375cf7dd2444f3fe1a751cea0052cad9024fc55e8aa320 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

166c61424c79b082c52448d66f66156f.exe
Size

1.2MB
Sample

230306-l5m1eabf66
MD5

166c61424c79b082c52448d66f66156f
SHA1

0cbd03202b50932f24da07bc91f0aa1e579177f4
SHA256

6195f07015a3408f58375cf7dd2444f3fe1a751cea0052cad9024fc55e8aa320
SHA512

cd0ad1b04d2be67e072784418f9f4354e9adf194946658afa5ac8f866fa27bc6cd24659deffb0e46068d964903aa642e0f681ac31aa4c43f89b63faf16d07e7c
SSDEEP

6144:rm4TgrU5XdB6MQkz5zMAOdjhDspqO6skIGNcCqB7VYq:rXTgrU5XwpnjzDsC2C6VYq

Score

9^/10

ransomware

Malware Config

Targets

- Target
  
  166c61424c79b082c52448d66f66156f.exe
- Size
  
  1.2MB
- MD5
  
  166c61424c79b082c52448d66f66156f
- SHA1
  
  0cbd03202b50932f24da07bc91f0aa1e579177f4
- SHA256
  
  6195f07015a3408f58375cf7dd2444f3fe1a751cea0052cad9024fc55e8aa320
- SHA512
  
  cd0ad1b04d2be67e072784418f9f4354e9adf194946658afa5ac8f866fa27bc6cd24659deffb0e46068d964903aa642e0f681ac31aa4c43f89b63faf16d07e7c
- SSDEEP
  
  6144:rm4TgrU5XdB6MQkz5zMAOdjhDspqO6skIGNcCqB7VYq:rXTgrU5XwpnjzDsC2C6VYq
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2