bcfefef116c5ccf1ea7e110be257222f01f73aff1e0106f2268313bed413afcb | Triage

Sharing

General

Target

loader.dat
Size

6.1MB
Sample

230630-pjtslsag83
MD5

d07c83d3938c02bc7befdcf11a8f619e
SHA1

6cdcc379877847670c859417a84f3fc265a2b420
SHA256

bcfefef116c5ccf1ea7e110be257222f01f73aff1e0106f2268313bed413afcb
SHA512

1e211b65f23eaf32575f757c69df30b80f9f6ac1d4901371e65ae9d1471f5f873e6d4121189bc6b5bfe93149d4699dceab6b248a4e070ffbb703b0b97ff8581a
SSDEEP

98304:vrX2+qaBQF2Os1nxZyOZS4fBhENbOo1R+TfXw4ld9v4JCn6UE4+twOD4wfOtOdBq:vTZ3Ms1xI94fsNyQ61D4JFPtCtOdBuR

Score

9^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  loader.dat
- Size
  
  6.1MB
- MD5
  
  d07c83d3938c02bc7befdcf11a8f619e
- SHA1
  
  6cdcc379877847670c859417a84f3fc265a2b420
- SHA256
  
  bcfefef116c5ccf1ea7e110be257222f01f73aff1e0106f2268313bed413afcb
- SHA512
  
  1e211b65f23eaf32575f757c69df30b80f9f6ac1d4901371e65ae9d1471f5f873e6d4121189bc6b5bfe93149d4699dceab6b248a4e070ffbb703b0b97ff8581a
- SSDEEP
  
  98304:vrX2+qaBQF2Os1nxZyOZS4fBhENbOo1R+TfXw4ld9v4JCn6UE4+twOD4wfOtOdBq:vTZ3Ms1xI94fsNyQ61D4JFPtCtOdBuR
Score

9^/10

evasion ransomware persistence
- Clears Windows event logs
  evasion ransomware
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal on Host

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionpersistenceransomware