General
Target: satan.zip
Size: 143KB
Sample: 240720-ryqeva1cpq
MD5: d309e1391579364a758c67fafb3b6e8a
SHA1: d36d77044dce9a03766fce192629e6d2bc2e8dd5
SHA256: 595e2825095b12ddfba4ee6f98f4f6cb1ff1fbc37a3b3191b2fc203d486ba163
SHA512: b1c5af6894983c58564a2b3b63e36edf0a2e5f6e6ab5268030eaf3027326dc2a9fc31e449a7dd12078a0e878afa753872e309e0e16bb58997e7fd3b8c03aa6cb
SSDEEP: 3072:UFecUyHplrpGNQBSdtbrTUZDEsSubSSDfBM/KHGn7cf4zF5/7+:UFhU8pzjBSbUdPS9SDZIKHUj+
Static task: static1
Behavioral task: behavioral1
Sample: satan.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: satan.bin
Size: 184KB
MD5: c9c341eaf04c89933ed28cbc2739d325
SHA1: c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
SHA256: 1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
SHA512: 7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
SSDEEP: 3072:H8SIBtQnE7OhssdWJ5jy392aCmCbBq0ryEbh/Wl7hqU6Q4NJ15xgDbvSY5thfRb3:c7qvhssdu5jyYaCmCQVE6hqUI5sb9Rb3

Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
Executes dropped EXE
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Direct Volume Access: 1
Indicator Removal: 2
File Deletion: 2
Modify Registry: 2