9a1d44975b9b2bb8f40cdf2edf718910f252172fa5f8b2d8fff5865ce5f7c10b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-20_a170d04e70b76f05d376cfdf8f39e3f7_snatch
Size

2.8MB
Sample

240520-zptpxagc38
MD5

a170d04e70b76f05d376cfdf8f39e3f7
SHA1

065572282fd5d5bde88df5adf0124d52247a6f83
SHA256

9a1d44975b9b2bb8f40cdf2edf718910f252172fa5f8b2d8fff5865ce5f7c10b
SHA512

4f2d6b156982ca41264e4e9c6ed637d89ff9bbf2802a69f664ea052e5711a67d80dcf90d3bfa1244ffb28e4a5f95ad7a3c721c4c5729b930b7865a3ee2fdebce
SSDEEP

49152:XIdItgxN70GZj7n3LShC8NS9r23oGJ/zwrRD1SFR:YdXO5NS9r23iRD1e

Score

10^/10

discovery evasion execution ransomware trojan

Malware Config

Targets

- Target
  
  2024-05-20_a170d04e70b76f05d376cfdf8f39e3f7_snatch
- Size
  
  2.8MB
- MD5
  
  a170d04e70b76f05d376cfdf8f39e3f7
- SHA1
  
  065572282fd5d5bde88df5adf0124d52247a6f83
- SHA256
  
  9a1d44975b9b2bb8f40cdf2edf718910f252172fa5f8b2d8fff5865ce5f7c10b
- SHA512
  
  4f2d6b156982ca41264e4e9c6ed637d89ff9bbf2802a69f664ea052e5711a67d80dcf90d3bfa1244ffb28e4a5f95ad7a3c721c4c5729b930b7865a3ee2fdebce
- SSDEEP
  
  49152:XIdItgxN70GZj7n3LShC8NS9r23oGJ/zwrRD1SFR:YdXO5NS9r23iRD1e
Score

10^/10

discovery evasion execution ransomware trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionransomwaretrojan