f1ad1ad54bbbb321cc210f44bc0c7d16f73a56f33964c9c0aa5f822c43302941 | Triage

Sharing

General

Target

malware.txt
Size

6KB
Sample

240519-sfar4sce3y
MD5

23878a8e1e67a80e987c44a81e7a886d
SHA1

0330d6990bec48a65a1e359ebc1c9f51749e121d
SHA256

f1ad1ad54bbbb321cc210f44bc0c7d16f73a56f33964c9c0aa5f822c43302941
SHA512

c6948d90fb144a91f5d2b910314c04e91b0c3e22f6f9e8031ad3639803808420d7c80d35319ad1ac5e7adf810de019ec61434692f5a4bdff678bc39776f3189d
SSDEEP

96:qDfYNb8mN8r9f4PPfMSHnx2gqoij8RW8E/zmdPzWdEKuWP2W9NukS/MNa:qDfYqrZgX7yrCdPidfbU0a

Score

10^/10

discovery evasion execution exploit persistence ransomware trojan

Malware Config

Targets

- Target
  
  malware.txt
- Size
  
  6KB
- MD5
  
  23878a8e1e67a80e987c44a81e7a886d
- SHA1
  
  0330d6990bec48a65a1e359ebc1c9f51749e121d
- SHA256
  
  f1ad1ad54bbbb321cc210f44bc0c7d16f73a56f33964c9c0aa5f822c43302941
- SHA512
  
  c6948d90fb144a91f5d2b910314c04e91b0c3e22f6f9e8031ad3639803808420d7c80d35319ad1ac5e7adf810de019ec61434692f5a4bdff678bc39776f3189d
- SSDEEP
  
  96:qDfYNb8mN8r9f4PPfMSHnx2gqoij8RW8E/zmdPzWdEKuWP2W9NukS/MNa:qDfYqrZgX7yrCdPidfbU0a
Score

10^/10

discovery evasion execution exploit persistence ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Creates new service(s)
  persistence execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionexploitpersistenceransomwaretrojan