General

  • Target

    9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305

  • Size

    10.6MB

  • Sample

    240302-zns2zshg75

  • MD5

    e9e5596b42f209cc058b55edc2737a80

  • SHA1

    f30232697b3f54e58af08421da697262c99ec48b

  • SHA256

    9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305

  • SHA512

    e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7

  • SSDEEP

    196608:+ahZ5qN3wvdJBiAv1hXx7jeeDt9/wGoyIu+sTvDmQONhL/LslAVyq8rZyA+TXtT4:+w6NAvPAA/Xx3eeDtTD+GDONhL/AlAV8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Detects executables packed with ConfuserEx Mod

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Modifies Windows Firewall

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15