4fec073d12eb85a25c0414f34ddec53451c6727e9b01f6c51bb9fb9325e8ec68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-01_46be1ade3c8d362afda908096f0692c8_eternalromance_poet-rat_snatch
Size

7.2MB
Sample

240701-le3ceaxbrl
MD5

46be1ade3c8d362afda908096f0692c8
SHA1

fd0e84380ada5f8ddde393767c9863724b32cedf
SHA256

4fec073d12eb85a25c0414f34ddec53451c6727e9b01f6c51bb9fb9325e8ec68
SHA512

0a614c183ecdc1fd908729ee66b14df154c6285149f5c57958be6abc217705738235dcd3a2e318df1236762c34f7250dfb7e9a4a0e11a5693966070ed87a0840
SSDEEP

98304:KwQRuLhsEDSOfrpqM7os2yZByUrJeR9OYZzgLkiyMnqRLRZXhMG2z0yYP4W7kx5:cRuLhF4lrMqRLR/MdzPYP4b

Score

10^/10

defense_evasion execution impact persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  2024-07-01_46be1ade3c8d362afda908096f0692c8_eternalromance_poet-rat_snatch
- Size
  
  7.2MB
- MD5
  
  46be1ade3c8d362afda908096f0692c8
- SHA1
  
  fd0e84380ada5f8ddde393767c9863724b32cedf
- SHA256
  
  4fec073d12eb85a25c0414f34ddec53451c6727e9b01f6c51bb9fb9325e8ec68
- SHA512
  
  0a614c183ecdc1fd908729ee66b14df154c6285149f5c57958be6abc217705738235dcd3a2e318df1236762c34f7250dfb7e9a4a0e11a5693966070ed87a0840
- SSDEEP
  
  98304:KwQRuLhsEDSOfrpqM7os2yZByUrJeR9OYZzgLkiyMnqRLRZXhMG2z0yYP4W7kx5:cRuLhF4lrMqRLR/MdzPYP4b
Score

9^/10

defense_evasion execution impact persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

defense_evasionexecutionimpactpersistenceransomwarespywarestealer