8ede1b80c18f65af0048bb0219e4d91c0fbabf8a66e555bc39020a44feea790e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_e5db950fee89e1f423f343f449457834
Size

272KB
Sample

240204-qkynmaafb7
MD5

e5db950fee89e1f423f343f449457834
SHA1

6516ac180e8c661499eea02f456558e12acc7108
SHA256

8ede1b80c18f65af0048bb0219e4d91c0fbabf8a66e555bc39020a44feea790e
SHA512

0c8a4f3cdbe21a91d68ef05483c705a2adb454cdcc65da30cee25409c34a25346d63db77fda6b63393da17e0259050bdc5cd71ae0ea004b052232280a5a473dd
SSDEEP

6144:6rH3RZ7tFAvi5FZ+kmEwfkrGMm/0VEr5YvoXN+8aDdySo:69dnFQnEAD/R2XpyL

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  VirusShare_e5db950fee89e1f423f343f449457834
- Size
  
  272KB
- MD5
  
  e5db950fee89e1f423f343f449457834
- SHA1
  
  6516ac180e8c661499eea02f456558e12acc7108
- SHA256
  
  8ede1b80c18f65af0048bb0219e4d91c0fbabf8a66e555bc39020a44feea790e
- SHA512
  
  0c8a4f3cdbe21a91d68ef05483c705a2adb454cdcc65da30cee25409c34a25346d63db77fda6b63393da17e0259050bdc5cd71ae0ea004b052232280a5a473dd
- SSDEEP
  
  6144:6rH3RZ7tFAvi5FZ+kmEwfkrGMm/0VEr5YvoXN+8aDdySo:69dnFQnEAD/R2XpyL
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2