d075ba1a254943b9797b763ecba56d06d69f3b0b6ce4b825ab422ab94a4e32ec | Triage

Sharing

General

Target

cffb929c2b2c942668ce74b7f62e8fab
Size

182KB
Sample

240317-flel2aeg62
MD5

cffb929c2b2c942668ce74b7f62e8fab
SHA1

b2334aa936cca6ff0e3de8d960c61daa42fd422f
SHA256

d075ba1a254943b9797b763ecba56d06d69f3b0b6ce4b825ab422ab94a4e32ec
SHA512

81a9b614c07828827691ece264491680b412585a836e6664a0e25cb73d8a179576e826621641283492d9ad565f8dcd65a376f2fb24a3d499c3f5c11449f42e1f
SSDEEP

3072:HHybd1J2ke8vFVAF3rD1pTwgHTX5kCk9O2oPwsFsRWtNE7pM1Sdqz2TT5LQLZa1T:nybd1JpbOTwgHTG9cYmtNEYSKC0LZqkY

Score

9^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  cffb929c2b2c942668ce74b7f62e8fab
- Size
  
  182KB
- MD5
  
  cffb929c2b2c942668ce74b7f62e8fab
- SHA1
  
  b2334aa936cca6ff0e3de8d960c61daa42fd422f
- SHA256
  
  d075ba1a254943b9797b763ecba56d06d69f3b0b6ce4b825ab422ab94a4e32ec
- SHA512
  
  81a9b614c07828827691ece264491680b412585a836e6664a0e25cb73d8a179576e826621641283492d9ad565f8dcd65a376f2fb24a3d499c3f5c11449f42e1f
- SSDEEP
  
  3072:HHybd1J2ke8vFVAF3rD1pTwgHTX5kCk9O2oPwsFsRWtNE7pM1Sdqz2TT5LQLZa1T:nybd1JpbOTwgHTG9cYmtNEYSKC0LZqkY
Score

9^/10

evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware