c5b2591ba9149ca25d7936a9e5a27d92acd8f10e8e0a0b1d0f63928843a7a019 | Triage

Sharing

General

Target

716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.zip
Size

15.6MB
Sample

240426-mjz9aaee54
MD5

baa422ba2a6e1dc0e8e640683da3ee07
SHA1

5d27381577e2d7bb605981bd0fb860b1345eecd7
SHA256

c5b2591ba9149ca25d7936a9e5a27d92acd8f10e8e0a0b1d0f63928843a7a019
SHA512

b47cf2766728890ae83aacd46185655d0f10e7996589656c2aa52485b31a2165f4693aed4143d7ee6769e7426c225f46e7f062fa79221190f41fef6462609ed3
SSDEEP

393216:eFDFEnQbmLDnASZDdDxYfecQbLHZsoauY2+U:M2Qbm/nrZDd1CecoL5sRdq

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  nbnbnbnbnbnb
- Size
  
  15.9MB
- MD5
  
  0f743287c9911b4b1c726c7c7edcaf7d
- SHA1
  
  9760579e73095455fcbaddfe1e7e98a2bb28bfe0
- SHA256
  
  716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
- SHA512
  
  2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677
- SSDEEP
  
  393216:UMwm0qBknxdEX+LbMUgoSZmWSmh4aaRN22ChHCMNku1y:UMcKX+Lbjgd7W1RNVC9ku1
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan