9ba68a024c6d56ea4f0aa7378138afe1a3afd6b1ee313f4ea2f65597387a4acd | Triage

Sharing

General

Target

STABLE BUILD (RECOMMENDED).zip
Size

35.1MB
Sample

240909-1zgzjaseqm
MD5

da7981bb9a0d7385f5371503f2e84a92
SHA1

56540b048f81c413d7c5f00f4afe0d4f9e92aaf7
SHA256

9ba68a024c6d56ea4f0aa7378138afe1a3afd6b1ee313f4ea2f65597387a4acd
SHA512

9ee4cb4512be7cd972cb65c1dc2ea8eaca733da61077e3ccdece2556ba7b24a606e6a684ee6185d2580e556e67dbe1155e9dd24cf2e0ffae044c9fc44baf87af
SSDEEP

393216:/cUkpoaEPPB6yZGSpuVdK+Se0qRjklgE4DcsmFCpnGa2vuOmKZexzIv2QGlO9/:/cmZdwq24+UxeYZopnGZvheI2QGlO9/

Score

9^/10

evasion ransomware

Malware Config

Targets

- Target
  
  STABLE BUILD (RECOMMENDED)/LAUNCHER.exe
- Size
  
  24.8MB
- MD5
  
  49cf2b05224767dc987f00a214236fa1
- SHA1
  
  55f0d9988496a40bafbce94ca4983fb11fb8a8ea
- SHA256
  
  5e54acfb38778d8f0170f0ce03dde9085a31d587c9855080adf90d3d28fa427f
- SHA512
  
  227cbfb2cf26e9d029b0d3627ee2b8302f1337f6218c534616d6ae7b68cf4b17938674181e4c085aa044aa9999b58b41647eb6d4efbdc9c1132a4e68f2915f02
- SSDEEP
  
  393216:lcUkpoaEPPB6yZGSpuVdK+Se0qRjklgE4DcsmFCpnGa2vuOmKZexzIv2Q:lcmZdwq24+UxeYZopnGZvheI2Q
Score

9^/10

evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

evasionransomware