7566d9f5bdbaf8073179d794ebb920dcdd02f249d4e46ea062e8315532ceca51 | Triage

Sharing

General

Target

exm.bat
Size

661KB
Sample

240525-zssxsaag22
MD5

73381d44050ec2fbcecbfc9a6bfb0bb3
SHA1

578bc26c2da8d5cd30732a977f3cbf0eecda168a
SHA256

7566d9f5bdbaf8073179d794ebb920dcdd02f249d4e46ea062e8315532ceca51
SHA512

31552773c791f925c009292f7ebc27e768ed2c94809c11048756593e4f9598bd72d6f37648978caadce9293eb0f789d05eb4234d6dcbcbbafc57a0f4142009d8
SSDEEP

3072:FDGzQbmbkAqA2xH7VkKEn14IZVvisLur+K3:FDGiVNEn14IZVvisL43

Score

10^/10

evasion execution ransomware trojan

Malware Config

Targets

- Target
  
  exm.bat
- Size
  
  661KB
- MD5
  
  73381d44050ec2fbcecbfc9a6bfb0bb3
- SHA1
  
  578bc26c2da8d5cd30732a977f3cbf0eecda168a
- SHA256
  
  7566d9f5bdbaf8073179d794ebb920dcdd02f249d4e46ea062e8315532ceca51
- SHA512
  
  31552773c791f925c009292f7ebc27e768ed2c94809c11048756593e4f9598bd72d6f37648978caadce9293eb0f789d05eb4234d6dcbcbbafc57a0f4142009d8
- SSDEEP
  
  3072:FDGzQbmbkAqA2xH7VkKEn14IZVvisLur+K3:FDGiVNEn14IZVvisL43
Score

10^/10

evasion execution ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionexecutionransomwaretrojan