5cb223d0a5a81088111c79b03def6e2b5bb20701689fe069cc1e649af6a63f29 | Triage

Sharing

General

Target

win_clean.exe
Size

539KB
Sample

230401-fqy68shd9y
MD5

c95eca96375b48080ee4c65ad277b1f4
SHA1

d2f90ceb9ccb67c662d3a7030754179491437cde
SHA256

5cb223d0a5a81088111c79b03def6e2b5bb20701689fe069cc1e649af6a63f29
SHA512

7f9722dbe571f934137eaf649cf961985d8c8c6a34a0746866007ea8656b6ca23ede2c9fb4f589f74c830f933ace59bc3684e9b2e172e90a80735fedeb01b399
SSDEEP

12288:NcrNS33L10QdrX5T+tkDnCuZwFxfYYzwBHZulEEon8g+R:wNA3R5drXzDLmrftzEHZcpon1O

Score

9^/10

evasion ransomware

Malware Config

Targets

- Target
  
  win_clean.exe
- Size
  
  539KB
- MD5
  
  c95eca96375b48080ee4c65ad277b1f4
- SHA1
  
  d2f90ceb9ccb67c662d3a7030754179491437cde
- SHA256
  
  5cb223d0a5a81088111c79b03def6e2b5bb20701689fe069cc1e649af6a63f29
- SHA512
  
  7f9722dbe571f934137eaf649cf961985d8c8c6a34a0746866007ea8656b6ca23ede2c9fb4f589f74c830f933ace59bc3684e9b2e172e90a80735fedeb01b399
- SSDEEP
  
  12288:NcrNS33L10QdrX5T+tkDnCuZwFxfYYzwBHZulEEon8g+R:wNA3R5drXzDLmrftzEHZcpon1O
Score

9^/10

evasion ransomware
- Clears Windows event logs
  evasion ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Indicator Removal on Host

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware