23e622bd84485f58e4cffd07549e86554778dcb56de0af90a482b0672536cb0d | Triage

Resubmissions

13-07-2024 12:53

240713-p4ppdstdpb 10

13-07-2024 12:52

240713-p4frgstdna 3

13-07-2024 12:51

240713-p3v5satdld 4

13-07-2024 12:50

240713-p3c9zatdjf 10

Sharing

General

Target

Trojan.NoEscape.zip
Size

617KB
Sample

240713-p3c9zatdjf
MD5

6249d14bba6f2e578af50a32bac74651
SHA1

de4bf281a7c8c1f11c614b7f53e34f0accb2950a
SHA256

23e622bd84485f58e4cffd07549e86554778dcb56de0af90a482b0672536cb0d
SHA512

b6c50493b35f2832770c5440c680887248636009e7ce162de48b1e0b0f00fcb342e08bda767c52968128e4862eede7b1ce9c328072082703a471d6b6e320b133
SSDEEP

12288:clU4YRQtxO8ItI1ks2ZrWWxwgCG/Va2TIRKH4MiySfKRQFrtaX:j4YaOtIas2ZHxd9N52rYX

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Trojan.NoEscape.exe
- Size
  
  666KB
- MD5
  
  989ae3d195203b323aa2b3adf04e9833
- SHA1
  
  31a45521bc672abcf64e50284ca5d4e6b3687dc8
- SHA256
  
  d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f
- SHA512
  
  e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305
- SSDEEP
  
  12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan