aa4bb944e59cfb0b94354fb92ac40faefb4e0b882473d07c3aed59180042c28b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe
Size

37KB
Sample

231002-x6z7xaeb3w
MD5

57612c214cff45393754eee326362b02
SHA1

6135d64968ed3ba8d13a1e47b8d4a4e161a700c8
SHA256

aa4bb944e59cfb0b94354fb92ac40faefb4e0b882473d07c3aed59180042c28b
SHA512

627ba4b517af93f45f9404af7569aaa0d5cca0254dbbda472b8fcf321b5f98a23c9cfd2b7bfbd61c571294007fac9394cd723a8b7dd677668ba158e80bc312a1
SSDEEP

384:uLipZl447piqb/lUYf5uH3w59AMRG5qUIjFgOrjFymqAeO8W8xVLoSzwzARMWEgU:7miiqTfk2AMRGwlFgOrjslLodzAKWs

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe
- Size
  
  37KB
- MD5
  
  57612c214cff45393754eee326362b02
- SHA1
  
  6135d64968ed3ba8d13a1e47b8d4a4e161a700c8
- SHA256
  
  aa4bb944e59cfb0b94354fb92ac40faefb4e0b882473d07c3aed59180042c28b
- SHA512
  
  627ba4b517af93f45f9404af7569aaa0d5cca0254dbbda472b8fcf321b5f98a23c9cfd2b7bfbd61c571294007fac9394cd723a8b7dd677668ba158e80bc312a1
- SSDEEP
  
  384:uLipZl447piqb/lUYf5uH3w59AMRG5qUIjFgOrjFymqAeO8W8xVLoSzwzARMWEgU:7miiqTfk2AMRGwlFgOrjslLodzAKWs
Score

8^/10

evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2