Overview

overview

10

Static

static

3

mimicranso...ed.exe

windows7-x64

10

mimicranso...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mimicransomware_enc_infected.exe

  • Size

    2.4MB

  • Sample

    240429-ksgr7aef62

  • MD5

    2a613d677cc3e2991dcd954e9413c40c

  • SHA1

    26f49090585d31dca8dde83106c0a851f00f2f18

  • SHA256

    c7adce3459f21a1afb62f779d8baaa2ea3e7614b8fa312ac67725d532c15c54b

  • SHA512

    b3edc9f56aa9c1f3685bb7e14d7dad27f23346bb1f21618acb3091c2031c1c5f48f77f375d97763b2da1b4658efd12a1147114bd65190b9f8c772d302d0f7a44

  • SSDEEP

    49152:I/oSNzCxuPz3v/EekOEQ5ZlC2WQcyDJFD6BaKAjB8eJMv+8KwXkZx+jau:I/oCCQv/EeJESlC2WbyDukrBDJMGXjG

Score
10/10
mimicevasionpersistenceransomware

Malware Config

Targets

    • Target

      mimicransomware_enc_infected.exe

    • Size

      2.4MB

    • MD5

      2a613d677cc3e2991dcd954e9413c40c

    • SHA1

      26f49090585d31dca8dde83106c0a851f00f2f18

    • SHA256

      c7adce3459f21a1afb62f779d8baaa2ea3e7614b8fa312ac67725d532c15c54b

    • SHA512

      b3edc9f56aa9c1f3685bb7e14d7dad27f23346bb1f21618acb3091c2031c1c5f48f77f375d97763b2da1b4658efd12a1147114bd65190b9f8c772d302d0f7a44

    • SSDEEP

      49152:I/oSNzCxuPz3v/EekOEQ5ZlC2WQcyDJFD6BaKAjB8eJMv+8KwXkZx+jau:I/oCCQv/EeJESlC2WbyDukrBDJMGXjG

    Score
    10/10
    mimicevasionpersistenceransomware

    • Detects Mimic ransomware

    • Mimic

      Ransomware family was first exploited in the wild in 2022.

      ransomwaremimic

    • Modifies security service

      evasion

    • Clears Windows event logs

      evasionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes System State backups

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Indicator Removal

2
T1070

File Deletion

1
T1070.004

Modify Registry

5
T1112

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

4
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

2
T1490

Tasks