58691af22fbd8b84e66bd2d90b606ca66255319bf6077887fa784b83587c8ae3 | Triage

Sharing

General

Target

u237cgatAh2.rar
Size

5.2MB
Sample

240427-ceweeshf6v
MD5

dde62c5ddd6c25eeff6a63d884d008c3
SHA1

b213a8cdd20573760c77def7b3a624b78e7d2604
SHA256

58691af22fbd8b84e66bd2d90b606ca66255319bf6077887fa784b83587c8ae3
SHA512

73692e38e211bf8553fbea14221240c9f82fa21e88a807e261c55533ef89285184754d2c943ae16dda3fb2e15e05e283ca932876fa6f2578982d902d9f37063b
SSDEEP

98304:1BXcdFo0lJIIzKdmRqedbGcG94LEGLaXiOD7u6YzA5IbAnOTDtG2RB:1hcvo0nI1dmskGCLEJvy6uAibAnEDvB

Score

9^/10

evasion ransomware

Malware Config

Targets

- Target
  
  bsod fix.bat
- Size
  
  415B
- MD5
  
  392f331dc1744fbe560a2a17d7ca838f
- SHA1
  
  817559945e137d036f47b26696d4fab5f22572c1
- SHA256
  
  318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
- SHA512
  
  0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score

1^/10
behavioral1 behavioral2
- Target
  
  u237cgatAh2.exe
- Size
  
  5.6MB
- MD5
  
  0e2c1ee8e6bdb339094ec24026a01e20
- SHA1
  
  449972cb63e21bf25d03ad1e85cf87af97c75a2e
- SHA256
  
  ffe104f44b6a84074e2305fba55c1cb777446d1dace44c23eaf873536dcc542f
- SHA512
  
  c0a71a9d796802bdf7110c8f69ebdaeb9c968df69b41a8bc1ff52f3a4082f40df93085ec278863acc93763ca11114b4eac5278db136540be0bea67aa93c607c5
- SSDEEP
  
  98304:6s2vdJmvMwJ2liHiHeCJ+46C2m0B/YMh6FuLChc4n5Gc6jLq:6pdJK/46iHu4525Vh6FuLChRn5l6j2
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  w11 fix.bat
- Size
  
  507B
- MD5
  
  6fb44052dc5a85a097feeb91d7a81712
- SHA1
  
  29db33e6cf3286a6ba82af684ac535d42b43d257
- SHA256
  
  7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
- SHA512
  
  ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score

9^/10

evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

evasionransomware

behavioral6

evasionransomware