royal | ddb0aa14f00f562d9e8a3356fded94ee24d458a6fe11269df63ec6844274e43c

Sharing

Copy URL

Twitter E-mail

General

Target

1014.zip
Size

1.3MB
Sample

230410-gtqvpshd4x
MD5

2a97c4138ae969e69e0f440048dfe6dd
SHA1

d646bb988a6ac171c7083480c4773a09b7960b57
SHA256

ddb0aa14f00f562d9e8a3356fded94ee24d458a6fe11269df63ec6844274e43c
SHA512

b6d867f998c8fe9d881c717728e9f7ac7d12a71b8cffe31dfce2bf2faf38d652340ed9cfc3f51eca38add3ab096ceefb81542e016da585aa9fcb8b213dc3395a
SSDEEP

24576:Ykeu0+QzIQkS4dpuopGfcC85QNgSnnXYz6qraLCf6NPvdxQy5XS2uGRK6VBpxSs:YkeuQcn0osE5QNizLUCf6NPV+y9j1fxD

Score

10^/10

royal ransomware

Malware Config

Targets

- Target
  
  1014/1311595327d9d002d97380fecc61dced8feb989235ae346b224cec20558e23c3.bin
- Size
  
  59KB
- MD5
  
  a130c9c89a3dce11bb3c9eb71b6ba3f8
- SHA1
  
  3e89b1e754013a0f14dd56760b76aea060e1f08d
- SHA256
  
  1311595327d9d002d97380fecc61dced8feb989235ae346b224cec20558e23c3
- SHA512
  
  aa23716515aa5833712d1ac15904273d27dd8c70aa4aabf727f41ca018f45ff26b9076e1a923fa7be5a706fb5c35777c4a858e77708ba60c6f4420e128e3547f
- SSDEEP
  
  768:ERh6F3ytu3whIIcV0jaattabYK15ZEvK9e8gTBNKwWUMt8j0a95BDm:Etu3whIc/6c5Mtq95B
Score

3^/10
behavioral1 behavioral2
- Target
  
  1014/1dbf4645eb319e306c9acc75464d7d911f1b6211949e5a511181fe51ae0135fc.bin
- Size
  
  107KB
- MD5
  
  9c84a6acf812a5e67879c9a697354e39
- SHA1
  
  ab2ef09b8467c74388e84eae55164d41729ffa32
- SHA256
  
  1dbf4645eb319e306c9acc75464d7d911f1b6211949e5a511181fe51ae0135fc
- SHA512
  
  bc302b4b8738b16e678fe87fb95487b3a41afbbeebafa80b53ee5e3b88068acc907ca4be608217e272e103ec71d5dadd3e8b36e711db2895087f1d9e04d1ae4b
- SSDEEP
  
  3072:eyndOgky6ADbfLwjQRnOA9QNvRWK5Ow3S9lTypMu:DndO75ADLMkRHOWKcwNpMu
Score

1^/10
behavioral3 behavioral4
- Target
  
  1014/3346a27bd201cb33b49ea9f769f003ec8126b46a299aae4c4b096682f2f675e9.bin
- Size
  
  8KB
- MD5
  
  90bfe50257437f0a580ec7077dfa8555
- SHA1
  
  712735363da21a29025f4bab8ab2865fef609968
- SHA256
  
  3346a27bd201cb33b49ea9f769f003ec8126b46a299aae4c4b096682f2f675e9
- SHA512
  
  8ffe679945dd259db8a272047914dfbf813aa9e8323f454ead94aabbadaadaaa2b3fd316eee37e84910dd490a8ba3e792259165bfaea391ac7d3d6c6c448e603
- SSDEEP
  
  96:BSHncXFci21eyZxrOflYfGKWAuLTaFmfKALuewj/xRrTiH9:gHVjrk7AuL+FwKAAj/XvC9
Score

3^/10
behavioral5 behavioral6
- Target
  
  1014/3ab35b6ca9b3a0a62e87a0553dd440f306d7f406b64ea9dff530e4fa8984ab21.bin
- Size
  
  2.1MB
- MD5
  
  0a88aba1080b664c41ee15b0fa581af7
- SHA1
  
  a7cb3a15cb62a523635229a7520b9b64e1c06ca0
- SHA256
  
  3ab35b6ca9b3a0a62e87a0553dd440f306d7f406b64ea9dff530e4fa8984ab21
- SHA512
  
  283655562872225dc920c338d9cca928c407f528c9de857c76c880e4d0c255aaee7e37050e3fa8bc8659d0b4c7a34b425ffa981449d6f55bd5c130c8fdb0fd8b
- SSDEEP
  
  24576:P+KpPzIzkQoU6cvTJdCm6pMtGMt0p0LkeoqP5nV6BQ1s2Y/tJGnX+LuiehI6YL2j:Dq9FTZGkvtOqYwrUPJwzjSQsh6b
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
behavioral7 behavioral8
- Target
  
  1014/5edbc4d43f93a21d6cb19cbcccdcec5b7c6a576446e0a962d174610cf82ee64b.bin
- Size
  
  59KB
- MD5
  
  017b72650ca6d62040793a323c6c4781
- SHA1
  
  1a883642ccb37098f8e1690c239658979ddb45c7
- SHA256
  
  5edbc4d43f93a21d6cb19cbcccdcec5b7c6a576446e0a962d174610cf82ee64b
- SHA512
  
  540588ab8aa3f4e4fe947c6233951fe58eefeba1f8fe3063691c7af4b7c10a43d57cb81c8f1a69e7b45fb926c8478bfff2f80bc61ba295633d4e6f71518cb13f
- SSDEEP
  
  768:KRh6F3ytu3whIIcV0jaattabYK15ZEvK9e8gTBNKwWUMt8j0a9XBDm:Ktu3whIc/6c5Mtq9XB
Score

3^/10
behavioral10 behavioral9
- Target
  
  1014/907443abde67aaa96110d0b80fc67261582602d6242c9cc3d9eb6c2dfc8f94d2.bin
- Size
  
  60KB
- MD5
  
  67cbb21b5865fbcb87730e009deb1c4d
- SHA1
  
  9b0680f3d6b69e3fdc6b55cbeed71079be0f62cc
- SHA256
  
  907443abde67aaa96110d0b80fc67261582602d6242c9cc3d9eb6c2dfc8f94d2
- SHA512
  
  1cf0a3e7dfe3f84b8dfd3f6816ad3c1a759f6b579831882d8eb6b8476edc19415b8116c9a89f560c0810ddf15521e4432bf36993f6c280f3a7ac3096bf970f09
- SSDEEP
  
  768:MTJqhyxLuuFWtb5S0+f6LbMQbe0jyA3tGsq/RbYOtE9FCXs1WMmcG9KRCurNK8Wm:MtwNto0+4MQbXjdG9/YCyGKtKem1Q
Score

3^/10
behavioral11 behavioral12
- Target
  
  1014/a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.bin
- Size
  
  137KB
- MD5
  
  fea2d33d87a03bf25ae6254378a45f5f
- SHA1
  
  33bfff1a0dbe5e4d1dfefbd6a68f31a63af771c1
- SHA256
  
  a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167
- SHA512
  
  000aae3cb32bcf5e306c90df700a520d927292877f6d91501e6c5fa0b87394facf8922b88b9a1fe79be5b16e705e7e0624af018a94808630f872a395bd9a0cf8
- SSDEEP
  
  3072:xBiBQROBhUZ+F+XZzlD05wVME57izZxEQvuyM7m0Bnn7mS9z3A8m7:7XRaUoFKZzaCVr7iXuAM3hm7
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

T1107

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Tasks

Sharing

General

Malware Config

Targets

Deletes shadow copies

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14