2e97ecb6cbe30536c04b3049eb3372dc6f3ef71354f898f448d4fdd1a560da24 | Triage

Resubmissions

27/06/2023, 22:30

230627-2eybfsff67 10

27/06/2023, 22:26

230627-2cnn8sgf3w 10

Sharing

General

Target

redirect
Size

6KB
Sample

230627-2cnn8sgf3w
MD5

0b375fb53042dad5215bdf5b50b9f8ef
SHA1

cb1c83d776609d4a50ac9a3232423979513beca9
SHA256

2e97ecb6cbe30536c04b3049eb3372dc6f3ef71354f898f448d4fdd1a560da24
SHA512

524b0c42bd77098c44d09518a02b23ab98653ec0c10621a8c1487b7a27bae60938d9cb1e14914985bdbab1e1691f65d802c03c2c59036451dfe5953b18d46be2
SSDEEP

192:dPHLxX7777/77QF7q0Lod4BYCIdDO/XGE:dPr5HYs0+CIdDO/X/

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  redirect
- Size
  
  6KB
- MD5
  
  0b375fb53042dad5215bdf5b50b9f8ef
- SHA1
  
  cb1c83d776609d4a50ac9a3232423979513beca9
- SHA256
  
  2e97ecb6cbe30536c04b3049eb3372dc6f3ef71354f898f448d4fdd1a560da24
- SHA512
  
  524b0c42bd77098c44d09518a02b23ab98653ec0c10621a8c1487b7a27bae60938d9cb1e14914985bdbab1e1691f65d802c03c2c59036451dfe5953b18d46be2
- SSDEEP
  
  192:dPHLxX7777/77QF7q0Lod4BYCIdDO/XGE:dPr5HYs0+CIdDO/X/
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan