8ce59a9dcaded43716ce975117356cba6b389936d497c94ea06e536a60296f10 | Triage

Sharing

General

Target

JC_8ce59a9dcaded43716ce975117356cba6b389936d497c94ea06e536a60296f10
Size

705KB
Sample

230901-v8fj6sgf88
MD5

ea4377f5a878bb45aa76da86203cf82e
SHA1

593a38fb2b7bdbd241329613bb5955ce04436013
SHA256

8ce59a9dcaded43716ce975117356cba6b389936d497c94ea06e536a60296f10
SHA512

952112c0c870f30adf615af2b28483f55e70599090fe2c6df5def08ee217d50173ff91a7e73c0a06fa9f2f1cb5fa67edb7e45dcdfcdc82f3035f5ea57e1d3024
SSDEEP

12288:ecqmSJd60r9C2OeA5OsE2qsnryXedl5XoDtVubsko1ToUrooTEBR:nw2fHEmlMDbQsr1b8R

Score

9^/10

ransomware

Malware Config

Targets

- Target
  
  JC_8ce59a9dcaded43716ce975117356cba6b389936d497c94ea06e536a60296f10
- Size
  
  705KB
- MD5
  
  ea4377f5a878bb45aa76da86203cf82e
- SHA1
  
  593a38fb2b7bdbd241329613bb5955ce04436013
- SHA256
  
  8ce59a9dcaded43716ce975117356cba6b389936d497c94ea06e536a60296f10
- SHA512
  
  952112c0c870f30adf615af2b28483f55e70599090fe2c6df5def08ee217d50173ff91a7e73c0a06fa9f2f1cb5fa67edb7e45dcdfcdc82f3035f5ea57e1d3024
- SSDEEP
  
  12288:ecqmSJd60r9C2OeA5OsE2qsnryXedl5XoDtVubsko1ToUrooTEBR:nw2fHEmlMDbQsr1b8R
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2