52e0a1c02a0378774da69231586464c8c9fee1b36575786b5424fefda2f90418 | Triage

Submit
Reports

Overview

overview

Static

static

3

AIDS_NT.exe

windows7-x64

AIDS_NT.exe

windows10-2004-x64

Sharing

General

Target

AIDS_NT.rar
Size

634KB
Sample

230509-xpxepafd7t
MD5

6130816a444466d3ef237bfefae80c2c
SHA1

bd5e7be0fd74d424191cf9dddf0f6b4e0a2871b0
SHA256

52e0a1c02a0378774da69231586464c8c9fee1b36575786b5424fefda2f90418
SHA512

e83d352d104eeb89731bc0578384b5265b6270169aa4d198567f87334114850cfd453963891b47d581948a7d2d0e9ba511c5c01b7b6d6835f1b2ca376269182a
SSDEEP

12288:iA1HETk8ZRVmIUuSZmnoBXboLNy2f7MnLT9xaUnkLrCO2Hf6Y2A:iUG7YjVZhBXMLNP7oLBAH2/NV

Score

10^/10

evasion persistence ransomware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AIDS_NT.exe

Resource

win7-20230220-en

evasion persistence ransomware upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

AIDS_NT.exe

Resource

win10v2004-20230220-en

evasion persistence ransomware upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  AIDS_NT.exe
- Size
  
  924KB
- MD5
  
  14eefb80a0813abbf8710387a5383f08
- SHA1
  
  d3fa355cc1d184be20b441143fa34e4ae1a4bdb2
- SHA256
  
  61ee3bd82bed03dd0f3fb9bc9b76b7da972a90d3c12c8e4d5e967440a2f04c00
- SHA512
  
  a3174a80c47a02b6deed6eb390a999fa486f7a4cda7ab614d93589f614a60ba500aa8f42346e80cc53b7e1a5af0f0e515e4b014d23e5af90fabeae504f43f130
- SSDEEP
  
  12288:/GqN/XdctpVtkkKICgvDkBLab3Xldfr4oSsFsA0cO4KfRErkYzWaMSDncS:pNcBtkUHf9ace3sJTcS
Score

10^/10

evasion persistence ransomware upx
- Modifies WinLogon for persistence
  persistence
- Nirsoft
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwareupx

behavioral2

evasionpersistenceransomwareupx

© 2018-2025

Terms | Privacy