02bebee27daeff412d7da51c72a7df2b2296b18948d0c6933e0b56c54b5a7497 | Triage

Sharing

General

Target

02bebee27daeff412d7da51c72a7df2b2296b18948d0c6933e0b56c54b5a7497
Size

214KB
Sample

231114-xwg9caeg39
MD5

b9ad92028780facaaf64da860eac0e2d
SHA1

3e5fc7e74a0a1bb1cf272eaa55b3e26c5b2c6c00
SHA256

02bebee27daeff412d7da51c72a7df2b2296b18948d0c6933e0b56c54b5a7497
SHA512

fc15648488d57a7107e1084b103962b87c78036fac5d793e69a1d1247139e369946e8882df4001bd9e75301e20a63ef126fd01e22bb00288cd33ae2c1537e5e2
SSDEEP

6144:+j+cJdUpTi8csFW3UGDQYxRXRWubqOalwO:+5LUpTysRuQGRcuGR

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  02bebee27daeff412d7da51c72a7df2b2296b18948d0c6933e0b56c54b5a7497
- Size
  
  214KB
- MD5
  
  b9ad92028780facaaf64da860eac0e2d
- SHA1
  
  3e5fc7e74a0a1bb1cf272eaa55b3e26c5b2c6c00
- SHA256
  
  02bebee27daeff412d7da51c72a7df2b2296b18948d0c6933e0b56c54b5a7497
- SHA512
  
  fc15648488d57a7107e1084b103962b87c78036fac5d793e69a1d1247139e369946e8882df4001bd9e75301e20a63ef126fd01e22bb00288cd33ae2c1537e5e2
- SSDEEP
  
  6144:+j+cJdUpTi8csFW3UGDQYxRXRWubqOalwO:+5LUpTysRuQGRcuGR
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2