227e9d1546eb0b0e0ffe197760045d705ff5f5e1062792c7bc984afa7ea3bb19 | Triage

Sharing

General

Target

616b848d17252f7dae4de86383d25bee.bin
Size

183KB
Sample

240620-drnqsazfnm
MD5

61abe960d19d4c45bf54fd282c1fa620
SHA1

91b70fecc55f7b4ca56d1e30c3e995376c544003
SHA256

227e9d1546eb0b0e0ffe197760045d705ff5f5e1062792c7bc984afa7ea3bb19
SHA512

3e7891fe168f451ec0b50277ed6ec0b65859c9911b2dacd9683617850f4d5a6a66ad76dfba724281cb1de036c4192f81fcf4ebd4c5f61b62f856c472d2c6ae6e
SSDEEP

3072:7+uQLe+fyNy1ENzAfXeXuOYJolxAlnFqj/9CblAUpGydYANJrMUU6E4hKn2dtfm5:qle3NgEhA/eXuOYarA9FsGAOJdhgxRnj

Score

7^/10

ransomware

Malware Config

Targets

- Target
  
  bfad1fc041e176f9335d91cc4480e2c373d29354a33f5039212afe9e6d879978.exe
- Size
  
  272KB
- MD5
  
  616b848d17252f7dae4de86383d25bee
- SHA1
  
  797200ae77088b2c2f842bf48e73cfd46085b81b
- SHA256
  
  bfad1fc041e176f9335d91cc4480e2c373d29354a33f5039212afe9e6d879978
- SHA512
  
  9984b2a1c724a91b5a8b3d5234bd825c7f680fb0a9d46ed05ca7af7d7060c680669f0f6fbd1509128bc44ab173a5d73f014de335a32c3d33ee6b5d54a42599a0
- SSDEEP
  
  6144:/8MloJP9vDuuDCyd0E3QMfhqK3cTBWvlhAUH:/8MlgP9vv9WE3QqH3cVWthAUH
Score

7^/10

ransomware
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2