General

  • Target

    Ransomware.exe

  • Size

    27KB

  • Sample

    241105-yln5ksyanm

  • MD5

    0fa45697008c498ad046c8e5badf84de

  • SHA1

    30397727bc11f16a3b405a8ad53acb7bbd7e270f

  • SHA256

    181754743618dec5abc164cdb9d611ab0ce275220fb86933425e6d2375f05c5a

  • SHA512

    65f5c6fabce2a5e7429a537d92860eb625fdcaf48c52212137fefaf81226441f7fc451e16596cee6b60b83c8d16192595ea69fd6c3a0fb0f9764e08fd102a4b0

  • SSDEEP

    384:eawog283gPF0pEWww9aPMbzrzoWkXxcOETKanIASy9BhEzXtHVQ6kYcV6O7UiJFh:+4KKWxbrkrGRIASyokYcV6O4izh

Malware Config

Targets

    • Target

      Ransomware.exe

    • Size

      27KB

    • MD5

      0fa45697008c498ad046c8e5badf84de

    • SHA1

      30397727bc11f16a3b405a8ad53acb7bbd7e270f

    • SHA256

      181754743618dec5abc164cdb9d611ab0ce275220fb86933425e6d2375f05c5a

    • SHA512

      65f5c6fabce2a5e7429a537d92860eb625fdcaf48c52212137fefaf81226441f7fc451e16596cee6b60b83c8d16192595ea69fd6c3a0fb0f9764e08fd102a4b0

    • SSDEEP

      384:eawog283gPF0pEWww9aPMbzrzoWkXxcOETKanIASy9BhEzXtHVQ6kYcV6O7UiJFh:+4KKWxbrkrGRIASyokYcV6O4izh

    • Modifies WinLogon for persistence

    • UAC bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks