d32bfb81bdddc681ff1ae58d2311a99b3f0560b2669f5dea12130307f7e035e1 | Triage

Sharing

General

Target

main.bat
Size

51KB
Sample

240920-qt5tasyhqr
MD5

d29a467b7c2bee2840c53d3089afeea2
SHA1

e8a048cb3ae8b834138497dc918f023301e8440e
SHA256

d32bfb81bdddc681ff1ae58d2311a99b3f0560b2669f5dea12130307f7e035e1
SHA512

9a616b59f2e52423512dd95f5fce41c54bd72caf076e7895540a0c74fd9d9cc03fa57c43f230214cd96b072c4e6f7f7ba652bdcf35a65ebbf8047a73210a30ca
SSDEEP

768:1posY9qsaIZz+QK7ruEDHs2guEDHsaOmh82mnUjQxOn1TMQ+:1CsYOBm9mnUk01L+

Score

10^/10

evasion execution persistence ransomware

Malware Config

Targets

- Target
  
  main.bat
- Size
  
  51KB
- MD5
  
  d29a467b7c2bee2840c53d3089afeea2
- SHA1
  
  e8a048cb3ae8b834138497dc918f023301e8440e
- SHA256
  
  d32bfb81bdddc681ff1ae58d2311a99b3f0560b2669f5dea12130307f7e035e1
- SHA512
  
  9a616b59f2e52423512dd95f5fce41c54bd72caf076e7895540a0c74fd9d9cc03fa57c43f230214cd96b072c4e6f7f7ba652bdcf35a65ebbf8047a73210a30ca
- SSDEEP
  
  768:1posY9qsaIZz+QK7ruEDHs2guEDHsaOmh82mnUjQxOn1TMQ+:1CsYOBm9mnUk01L+
Score

10^/10

evasion execution persistence ransomware
- Disables service(s)
  evasion execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Service Stop

Tasks

static1

behavioral1

behavioral2

evasionexecutionpersistenceransomware