Overview

overview

10

Static

static

1

NO-ESCAPE

windows10-1703-x64

Resubmissions

16/10/2023, 16:27

231016-tx8wxacb87 1

16/10/2023, 16:24

231016-twfhzaac9w 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NO-ESCAPE

  • Size

    185KB

  • Sample

    231016-twfhzaac9w

  • MD5

    e72b608999413431197c581791e6f4d5

  • SHA1

    3949a56d0e78bc8b98390c38e740c02b3689886b

  • SHA256

    45f5a9c16f48e7ede809082c30cf44ebed30dd72aeca6a1c02a82f4ef5fb4fcd

  • SHA512

    523d6b6d6fc632033c4dabc75de8898a03c2f826708c9b5b636d1bae6a728edead05393a68955128ff55b7f63a7b46d980fea078773ba5dad39768a2eac8cbb2

  • SSDEEP

    3072:nTRgFloDsDlV1RXjwQonGVuIbILrge4Cri6vPZb298oOolq1HR7Dht3DuqJ8lPUD:nTRgFloG7G3DuqJ08WVSgE29xxspm0nL

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      NO-ESCAPE

    • Size

      185KB

    • MD5

      e72b608999413431197c581791e6f4d5

    • SHA1

      3949a56d0e78bc8b98390c38e740c02b3689886b

    • SHA256

      45f5a9c16f48e7ede809082c30cf44ebed30dd72aeca6a1c02a82f4ef5fb4fcd

    • SHA512

      523d6b6d6fc632033c4dabc75de8898a03c2f826708c9b5b636d1bae6a728edead05393a68955128ff55b7f63a7b46d980fea078773ba5dad39768a2eac8cbb2

    • SSDEEP

      3072:nTRgFloDsDlV1RXjwQonGVuIbILrge4Cri6vPZb298oOolq1HR7Dht3DuqJ8lPUD:nTRgFloG7G3DuqJ08WVSgE29xxspm0nL

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks