70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1 | Triage

Resubmissions

05-08-2024 17:14

240805-vrzlqawfqe 8

05-08-2024 17:12

240805-vq6zeawfpd 1

05-08-2024 17:11

240805-vqak7ssfjr 10

05-08-2024 17:08

240805-vnj2vswfjf 7

05-08-2024 17:04

240805-vlqrmasenp 10

05-08-2024 17:01

240805-vj1ttawelb 6

Sharing

General

Target

sample
Size

7KB
Sample

240805-vqak7ssfjr
MD5

4b320922990cfb723b67147a7a97d345
SHA1

5d134dcee4aaeadbea36761640434a45c708b081
SHA256

70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
SHA512

b21548566a22c31ca19de100264d1c2cefe0c8d8a0361f325194e6514453813376da301b4bb71c9ac0e4c3c1c84589276af79e7f48dd4e6d8ae553590ac823d3
SSDEEP

96:SDQ1jWHRUV/okJOlIDNSW0S9I3gtYEMLX+jZEBZu:oQHokYlIVYFSjZmu

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  sample
- Size
  
  7KB
- MD5
  
  4b320922990cfb723b67147a7a97d345
- SHA1
  
  5d134dcee4aaeadbea36761640434a45c708b081
- SHA256
  
  70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
- SHA512
  
  b21548566a22c31ca19de100264d1c2cefe0c8d8a0361f325194e6514453813376da301b4bb71c9ac0e4c3c1c84589276af79e7f48dd4e6d8ae553590ac823d3
- SSDEEP
  
  96:SDQ1jWHRUV/okJOlIDNSW0S9I3gtYEMLX+jZEBZu:oQHokYlIVYFSjZmu
Score

10^/10

discovery evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionpersistenceransomwaretrojan