a06d197b6058d8cb29545e1c8bcfcc93062d6fe3f74d572ef09854f18c91d6a8 | Triage

Sharing

General

Target

a06d197b6058d8cb29545e1c8bcfcc93062d6fe3f74d572ef09854f18c91d6a8.exe
Size

139KB
Sample

240220-glnelscc61
MD5

2bf8d41a0f984216b71424efa9d9a975
SHA1

ec982af3fc9c65a705f6a125cc6caca777e2c387
SHA256

a06d197b6058d8cb29545e1c8bcfcc93062d6fe3f74d572ef09854f18c91d6a8
SHA512

231fb8da3cec2ee0c4d607efedbe4faf0081a2400001f940c84f22f03626ee20ed46475b061b4581f14e1791bbf30fa7612a56d59cfdc0865f98edfce2b20304
SSDEEP

3072:evD2EdwZfQDXl6zkaahajx/HTwCewWyPoApxqIZZYJnD1SY:evD2ExaSyHzewWdASVS

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  a06d197b6058d8cb29545e1c8bcfcc93062d6fe3f74d572ef09854f18c91d6a8.exe
- Size
  
  139KB
- MD5
  
  2bf8d41a0f984216b71424efa9d9a975
- SHA1
  
  ec982af3fc9c65a705f6a125cc6caca777e2c387
- SHA256
  
  a06d197b6058d8cb29545e1c8bcfcc93062d6fe3f74d572ef09854f18c91d6a8
- SHA512
  
  231fb8da3cec2ee0c4d607efedbe4faf0081a2400001f940c84f22f03626ee20ed46475b061b4581f14e1791bbf30fa7612a56d59cfdc0865f98edfce2b20304
- SSDEEP
  
  3072:evD2EdwZfQDXl6zkaahajx/HTwCewWyPoApxqIZZYJnD1SY:evD2ExaSyHzewWdASVS
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware