595e2825095b12ddfba4ee6f98f4f6cb1ff1fbc37a3b3191b2fc203d486ba163 | Triage

Sharing

General

Target

satan.zip
Size

143KB
Sample

240426-jxan1acc83
MD5

d309e1391579364a758c67fafb3b6e8a
SHA1

d36d77044dce9a03766fce192629e6d2bc2e8dd5
SHA256

595e2825095b12ddfba4ee6f98f4f6cb1ff1fbc37a3b3191b2fc203d486ba163
SHA512

b1c5af6894983c58564a2b3b63e36edf0a2e5f6e6ab5268030eaf3027326dc2a9fc31e449a7dd12078a0e878afa753872e309e0e16bb58997e7fd3b8c03aa6cb
SSDEEP

3072:UFecUyHplrpGNQBSdtbrTUZDEsSubSSDfBM/KHGn7cf4zF5/7+:UFhU8pzjBSbUdPS9SDZIKHUj+

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  satan.zip
- Size
  
  143KB
- MD5
  
  d309e1391579364a758c67fafb3b6e8a
- SHA1
  
  d36d77044dce9a03766fce192629e6d2bc2e8dd5
- SHA256
  
  595e2825095b12ddfba4ee6f98f4f6cb1ff1fbc37a3b3191b2fc203d486ba163
- SHA512
  
  b1c5af6894983c58564a2b3b63e36edf0a2e5f6e6ab5268030eaf3027326dc2a9fc31e449a7dd12078a0e878afa753872e309e0e16bb58997e7fd3b8c03aa6cb
- SSDEEP
  
  3072:UFecUyHplrpGNQBSdtbrTUZDEsSubSSDfBM/KHGn7cf4zF5/7+:UFhU8pzjBSbUdPS9SDZIKHUj+
Score

1^/10
behavioral1 behavioral2
- Target
  
  satan.bin
- Size
  
  184KB
- MD5
  
  c9c341eaf04c89933ed28cbc2739d325
- SHA1
  
  c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
- SHA256
  
  1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
- SHA512
  
  7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
- SSDEEP
  
  3072:H8SIBtQnE7OhssdWJ5jy392aCmCbBq0ryEbh/Wl7hqU6Q4NJ15xgDbvSY5thfRb3:c7qvhssdu5jyYaCmCQVE6hqUI5sb9Rb3
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

behavioral3

persistenceransomware

behavioral4