e642de5564a66dba2c2da9bd657d79153b6e65c2c1ad55f8da5be0d471bac242 | Triage

Resubmissions

13-11-2024 01:28

241113-bvnh3stkfz 8

13-11-2024 01:26

241113-bthw7svarq 10

12-11-2024 21:01

241112-zvah8avjej 10

12-11-2024 20:33

241112-zb5v1stnhp 5

Sharing

General

Target

200730-48mxz512fa_pw_infected.zip
Size

1.1MB
Sample

241113-bthw7svarq
MD5

69a28e00bba77e3551479aa226aa4237
SHA1

37ffc2bc63a0a82963ce7720696266e6acce95ba
SHA256

e642de5564a66dba2c2da9bd657d79153b6e65c2c1ad55f8da5be0d471bac242
SHA512

b6906281d19579e8941287ae7315f0516b454681cab122faac594f74c2766109a64cab764aefbbc040213b217d5dd8f72585367fb533077896ecba34d09fa8c7
SSDEEP

24576:gUgNEpGTKCB5Muwytp3FGtYpSZ0HPRgN8zhXHV+VLLGiNMN3:UNEpGFB1wERFGtySZY+EhX1+VnNMV

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  mkp.exe
- Size
  
  1.2MB
- MD5
  
  2055bbde7b5a1afd6ea79974d1435a98
- SHA1
  
  e249c4f1d0910cb4660a3d41593692a02796472f
- SHA256
  
  e51abdb2023b560244802f7d9687944dc0dff3042c28d7bc7a2b517df6e24942
- SHA512
  
  f21f963ea6f3c394f61780825a0971f432450a7ca94353db0ba5915a0e190f0d65025c40756597b0170a3c23fb160e27011ce4a098afe2a518efc47a06874d55
- SSDEEP
  
  24576:AQkBF2DuFBsfrCbHdtvIwTGp+olFTPPxQoZeKVbygpgPh3aFMI9R2uacQs:AQIBsfrCHdtvdTCTO2pdygpiAJads
Score

10^/10

discovery evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionpersistenceransomwaretrojan