d6b864d472efa77cbc6179e14e2172945ea1825860a5718dac6f0b835c9b2f01 | Triage

Sharing

General

Target

Temp Cleaner.bat
Size

2KB
Sample

240802-x2sbhawgmr
MD5

ec35c8fdb352d85df9d1c074b36e2196
SHA1

ba3eac35af48eb8492fa98ec19ab69e45aa7e211
SHA256

d6b864d472efa77cbc6179e14e2172945ea1825860a5718dac6f0b835c9b2f01
SHA512

c7a84a581146a68e8061ffd6efcd6b8e84019bb7c2f1da5e105eab887636b5b6763ef2cf9e756a0df3171e6883784d59bffc1b45ea95e4873d9e4f6126252bd1

Score

9^/10

discovery evasion persistence ransomware

Malware Config

Targets

- Target
  
  Temp Cleaner.bat
- Size
  
  2KB
- MD5
  
  ec35c8fdb352d85df9d1c074b36e2196
- SHA1
  
  ba3eac35af48eb8492fa98ec19ab69e45aa7e211
- SHA256
  
  d6b864d472efa77cbc6179e14e2172945ea1825860a5718dac6f0b835c9b2f01
- SHA512
  
  c7a84a581146a68e8061ffd6efcd6b8e84019bb7c2f1da5e105eab887636b5b6763ef2cf9e756a0df3171e6883784d59bffc1b45ea95e4873d9e4f6126252bd1
Score

9^/10

evasion persistence ransomware discovery
- Clears Windows event logs
  evasion ransomware
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Power Settings

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Credential Access

Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

discoveryevasionpersistenceransomware