ce0a32e35b7c79e7e2ffe7bd3c7566a6fb843341268ad50f4a594e56e17a5110 | Triage

Resubmissions

11-07-2024 18:37

240711-w9z6ms1gmc 10

11-07-2024 08:47

240711-kp9zkayfjn 10

Sharing

General

Target

NO-ESCAPE-main.zip
Size

732KB
Sample

240711-kp9zkayfjn
MD5

9172731ba3f16b578bcb14000ccbccd4
SHA1

e7ab716661ed88ecf060dc5d53720877b141eac9
SHA256

ce0a32e35b7c79e7e2ffe7bd3c7566a6fb843341268ad50f4a594e56e17a5110
SHA512

3a35995b6dadf408ca69699220120bba5f70fb3c2a850165ab11dad03821c8ce316bf7e9662f8976e0bf659cdb9adf0c8d0d7beca22b59480e4830dc5e02666c
SSDEEP

12288:RhHGV4kchbcLL5pKYy89+cKOHQ05rwEc21etvfURHmsHKaMekSij9EgnSrojr:RhH3llcLL5vV9+vOHJUEchweReC9vnSq

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  NO-ESCAPE-main/No Escape.exe
- Size
  
  771KB
- MD5
  
  2782877418b44509fd306fd9afe43e39
- SHA1
  
  b0c18bdf782ca9c4fa41074f05458ce8e0f3961b
- SHA256
  
  56d612e014504c96bb92429c31eb93f40938015d422b35765912ac4e6bd3755b
- SHA512
  
  8826881b3ab406ee4c1fabd4848161f8524aeaeb7c4397384d36840f947ef95c8560850b2409fbf761ff225cdc8ac6eb875b705476fe9574b23c7a5478505a86
- SSDEEP
  
  24576:OeTrmlZGPL7NV9+VitFsQUxY8BGOdQSqZ:hT6KDrmIFsBJBG4XqZ
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan