2b1b49f641f6fdf1258d18947d2ff2fdda1c8cc223b4a2e2639a81ebf5bacbd6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_2368d2c1dce37cbfb25e534a961c328c_bkransomware
Size

331KB
Sample

240829-a5ehgsxarp
MD5

2368d2c1dce37cbfb25e534a961c328c
SHA1

0b1f4ba7c99946393cb77350d2a718a26131df05
SHA256

2b1b49f641f6fdf1258d18947d2ff2fdda1c8cc223b4a2e2639a81ebf5bacbd6
SHA512

d2bd060cd03fdbc22db51f7ce0558965eb68ff82a4fdc925c2ae4572f8f769bd0301dfc80610de0c48c91eaec6fe4ab05bc9c40761b69b99abdeacbae1b6c8e7
SSDEEP

6144:pmp5IBr4WYcFIgpRL00AIPB72s9UYJ1dMvc:poeuXc3bL00AIPh2s51dMk

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2024-08-29_2368d2c1dce37cbfb25e534a961c328c_bkransomware
- Size
  
  331KB
- MD5
  
  2368d2c1dce37cbfb25e534a961c328c
- SHA1
  
  0b1f4ba7c99946393cb77350d2a718a26131df05
- SHA256
  
  2b1b49f641f6fdf1258d18947d2ff2fdda1c8cc223b4a2e2639a81ebf5bacbd6
- SHA512
  
  d2bd060cd03fdbc22db51f7ce0558965eb68ff82a4fdc925c2ae4572f8f769bd0301dfc80610de0c48c91eaec6fe4ab05bc9c40761b69b99abdeacbae1b6c8e7
- SSDEEP
  
  6144:pmp5IBr4WYcFIgpRL00AIPB72s9UYJ1dMvc:poeuXc3bL00AIPh2s51dMk
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence