918c4401e1348bffca7ef5df0c9f5ebd185dde6edcfd64d75ed3af8b67f4992b | Triage

Sharing

General

Target

Trojan.Win32.Zombie.rfn918c4401e1348bffca7ef5df0c9f5ebd185dde6edcfd64d75ed3af8b67f4992bN
Size

79KB
Sample

240919-ft5s7asflr
MD5

8f5ff271993998e0388d498274572510
SHA1

b68368b7ba9009c545bb3864b7f59cfee5a65080
SHA256

918c4401e1348bffca7ef5df0c9f5ebd185dde6edcfd64d75ed3af8b67f4992b
SHA512

ed135ba4aad4cf569726a9e4349c58385c6f63fcf1a9c6cba238a90c5ba2d93e9525bb7a4ddaa592d9279f44d3497abdb7b82ee38febe574684fffa5c6a1c6bf
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8zx0Cq/8S/8dY6:6e76mQSop8i8/

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  Trojan.Win32.Zombie.rfn918c4401e1348bffca7ef5df0c9f5ebd185dde6edcfd64d75ed3af8b67f4992bN
- Size
  
  79KB
- MD5
  
  8f5ff271993998e0388d498274572510
- SHA1
  
  b68368b7ba9009c545bb3864b7f59cfee5a65080
- SHA256
  
  918c4401e1348bffca7ef5df0c9f5ebd185dde6edcfd64d75ed3af8b67f4992b
- SHA512
  
  ed135ba4aad4cf569726a9e4349c58385c6f63fcf1a9c6cba238a90c5ba2d93e9525bb7a4ddaa592d9279f44d3497abdb7b82ee38febe574684fffa5c6a1c6bf
- SSDEEP
  
  1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8zx0Cq/8S/8dY6:6e76mQSop8i8/
Score

9^/10

discovery ransomware
- Renames multiple (3487) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware