47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 | Triage

Resubmissions

31-03-2023 20:16

230331-y2e7lsdb38 10

31-03-2023 20:11

230331-yyjqmada99 1

Sharing

General

Target

NoEscape.zip
Size

616KB
Sample

230331-y2e7lsdb38
MD5

ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1

9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256

47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512

6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9
SSDEEP

12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  NoEscape.zip
- Size
  
  616KB
- MD5
  
  ef4fdf65fc90bfda8d1d2ae6d20aff60
- SHA1
  
  9431227836440c78f12bfb2cb3247d59f4d4640b
- SHA256
  
  47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
- SHA512
  
  6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9
- SSDEEP
  
  12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan