63e3d586de3cedcda782610ac283ab67cf1222f791d0897dbe39afe9c3524721 | Triage

Resubmissions

13/05/2024, 09:39

240513-lmtp8shf73 4

13/05/2024, 08:24

240513-katc9sfc35 10

13/05/2024, 08:20

240513-j8snysea8v 4

Sharing

Copy URL Twitter E-mail

General

Target

sample
Size

19KB
Sample

240513-katc9sfc35
MD5

9867b5c84e87d27e746285a51b1eb786
SHA1

2a608544a219281519aaa49cb48d38b8fc5af99b
SHA256

63e3d586de3cedcda782610ac283ab67cf1222f791d0897dbe39afe9c3524721
SHA512

f76d6363375c65350d1f9faf5a347e97d0f8b03358672c906b923ef8e3bc6a452ad1075749e9fe4a30402ed2fe648d1635ec05a64790a14f0020861bde23e7a2
SSDEEP

384:rZZ7IDpmReVoOs4ai9ylKeGMAU8Hhhbs227XPo2paWhOwob0Jn+JIJCgMmVn:rX7IBVoOs4amyI1MKBhbHoXOWhOwob0p

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  sample
- Size
  
  19KB
- MD5
  
  9867b5c84e87d27e746285a51b1eb786
- SHA1
  
  2a608544a219281519aaa49cb48d38b8fc5af99b
- SHA256
  
  63e3d586de3cedcda782610ac283ab67cf1222f791d0897dbe39afe9c3524721
- SHA512
  
  f76d6363375c65350d1f9faf5a347e97d0f8b03358672c906b923ef8e3bc6a452ad1075749e9fe4a30402ed2fe648d1635ec05a64790a14f0020861bde23e7a2
- SSDEEP
  
  384:rZZ7IDpmReVoOs4ai9ylKeGMAU8Hhhbs227XPo2paWhOwob0Jn+JIJCgMmVn:rX7IBVoOs4amyI1MKBhbHoXOWhOwob0p
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan