Overview

overview

9

Static

static

5

without_re...0c.exe

windows7-x64

9

without_re...0c.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    without_readme_cd4a0b371cd7dc9dab6b442b0583550c

  • Size

    1.0MB

  • Sample

    240328-l4vzmaab2z

  • MD5

    cd4a0b371cd7dc9dab6b442b0583550c

  • SHA1

    0612c1ed908bcd754d31edb662ada2c88431e8c2

  • SHA256

    bcf4ad8687af0d79971e5f73ab152b7732bf3540726f71654da87f36e54cff6f

  • SHA512

    6d843ea93fed3c7475863abdd8d86bef559d700111d03e7b4827d4ff4777ab1c98bbb08880219e82deff4cd76135f8a74edb9437c301f7ec9cb8a2f31b5bae02

  • SSDEEP

    24576:lrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaozQ:l2EYTb8atv1orq+pEiSDTj1VyvBao

Score
9/10
evasionransomware

Malware Config

Targets

    • Target

      without_readme_cd4a0b371cd7dc9dab6b442b0583550c

    • Size

      1.0MB

    • MD5

      cd4a0b371cd7dc9dab6b442b0583550c

    • SHA1

      0612c1ed908bcd754d31edb662ada2c88431e8c2

    • SHA256

      bcf4ad8687af0d79971e5f73ab152b7732bf3540726f71654da87f36e54cff6f

    • SHA512

      6d843ea93fed3c7475863abdd8d86bef559d700111d03e7b4827d4ff4777ab1c98bbb08880219e82deff4cd76135f8a74edb9437c301f7ec9cb8a2f31b5bae02

    • SSDEEP

      24576:lrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaozQ:l2EYTb8atv1orq+pEiSDTj1VyvBao

    Score
    9/10
    evasionransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

3
T1490

Resource Development

Reconnaissance

Tasks