47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 | Triage

Resubmissions

08/05/2023, 15:57

230508-tecqradc2s 10

08/05/2023, 15:42

230508-s5j23sbd86 10

Sharing

Copy URL Twitter E-mail

General

Target

NoEscape.zip
Size

616KB
Sample

230508-s5j23sbd86
MD5

ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1

9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256

47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512

6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9
SSDEEP

12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  NoEscape.zip
- Size
  
  616KB
- MD5
  
  ef4fdf65fc90bfda8d1d2ae6d20aff60
- SHA1
  
  9431227836440c78f12bfb2cb3247d59f4d4640b
- SHA256
  
  47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
- SHA512
  
  6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9
- SSDEEP
  
  12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan