d66c4c08833f9e8af486af44f879a0a5fb3113110874cc04bd53ee6351c92064 | Triage

Sharing

General

Target

000.zip
Size

119KB
Sample

240425-rlx9xsbe89
MD5

f5d73448dbe1ec4f9a8ec187f216d9e5
SHA1

6f76561bd09833c75ae8f0035dcb2bc87709e2e5
SHA256

d66c4c08833f9e8af486af44f879a0a5fb3113110874cc04bd53ee6351c92064
SHA512

edbdc1d3df9094c4e7c962f479bb06cdc23555641eeb816b17a8a5d3f4d98f4d1d10299fd2f9152d30e3fa9e5b12c881fd524e75612e934b287109492ee1520b
SSDEEP

3072:/msQvkoawLvldUo1OvAGczlPDloVCUfcU:C8oaiPOvA/zl7jUcU

Score

8^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  000.exe
- Size
  
  6.7MB
- MD5
  
  d5671758956b39e048680b6a8275e96a
- SHA1
  
  33c341130bf9c93311001a6284692c86fec200ef
- SHA256
  
  4a900b344ef765a66f98cf39ac06273d565ca0f5d19f7ea4ca183786155d4a47
- SHA512
  
  972e89ed8b7b4d75df0a05c53e71fb5c29edaa173d7289656676b9d2a1ed439be1687beddc6fb1fbf068868c3da9c3d2deb03b55e5ab5e7968858b5efc49fbe7
- SSDEEP
  
  3072:V3LA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuzzo9Y:lLJlC6j0CX4XmvWHVcd62uo9
Score

8^/10

evasion persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware