04b48f729e52c2484045ef3ea17beda6f7c2445c4f30bf56ddebefc344515d5c | Triage

Sharing

General

Target

ctt.bat
Size

78B
Sample

240517-trarxsfh3v
MD5

feef07486c0cb823b3d6ec6bf3990476
SHA1

0706f8e1f0339e94d547c16da919db12150f8aa1
SHA256

04b48f729e52c2484045ef3ea17beda6f7c2445c4f30bf56ddebefc344515d5c
SHA512

af5ccc73979ff9bffb1d55cfaa59e00b824ce25c4e0ebc8ecb06f354788407cd9e1a5d49a004389438637464e90580395da7eaa6d60eaf5da446ec0704adad5e

Score

9^/10

discovery evasion ransomware

Malware Config

Targets

- Target
  
  ctt.bat
- Size
  
  78B
- MD5
  
  feef07486c0cb823b3d6ec6bf3990476
- SHA1
  
  0706f8e1f0339e94d547c16da919db12150f8aa1
- SHA256
  
  04b48f729e52c2484045ef3ea17beda6f7c2445c4f30bf56ddebefc344515d5c
- SHA512
  
  af5ccc73979ff9bffb1d55cfaa59e00b824ce25c4e0ebc8ecb06f354788407cd9e1a5d49a004389438637464e90580395da7eaa6d60eaf5da446ec0704adad5e
Score

9^/10

discovery evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

discoveryevasionransomware