Overview

overview

10

Static

static

1

NoEscape.zip

windows10-2004-x64

NoEscape.zip

windows11-21h2-x64

1

Resubmissions

20/02/2024, 10:44

240220-msvp6afg28 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NoEscape.zip

  • Size

    616KB

  • Sample

    240220-msvp6afg28

  • MD5

    ef4fdf65fc90bfda8d1d2ae6d20aff60

  • SHA1

    9431227836440c78f12bfb2cb3247d59f4d4640b

  • SHA256

    47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

  • SHA512

    6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

  • SSDEEP

    12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      NoEscape.zip

    • Size

      616KB

    • MD5

      ef4fdf65fc90bfda8d1d2ae6d20aff60

    • SHA1

      9431227836440c78f12bfb2cb3247d59f4d4640b

    • SHA256

      47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

    • SHA512

      6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

    • SSDEEP

      12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks