General
-
Target
drum kit_sound.wav
-
Size
187KB
-
Sample
241115-t96x3s1pbn
-
MD5
cc3076fd52cb56a0e8b5736edf9355c7
-
SHA1
deaa3a347763021649e8aae1c5c5f23b8f8a8143
-
SHA256
d3b1623d3be54832a44b509d1d0b7a8685abeea26b42c7e09a87467927dd8f7b
-
SHA512
ab54ea1315d70f88e4f7c0afc4f321ccfd056daeb77a53644eb8f31ee82aeef47a0af9d109fc95b779add7f61e900d6f703d9781370a251b5adb54962e540519
-
SSDEEP
3072:uul7lHZycwPgqmt+iGTvIiA6/N6HJatSHvArukZHbVdJy6ynEQ1irxAw0O:uyVcGqu+pv7ACNhgH+Fy6T
Malware Config
Targets
-
-
Target
drum kit_sound.wav
-
Size
187KB
-
MD5
cc3076fd52cb56a0e8b5736edf9355c7
-
SHA1
deaa3a347763021649e8aae1c5c5f23b8f8a8143
-
SHA256
d3b1623d3be54832a44b509d1d0b7a8685abeea26b42c7e09a87467927dd8f7b
-
SHA512
ab54ea1315d70f88e4f7c0afc4f321ccfd056daeb77a53644eb8f31ee82aeef47a0af9d109fc95b779add7f61e900d6f703d9781370a251b5adb54962e540519
-
SSDEEP
3072:uul7lHZycwPgqmt+iGTvIiA6/N6HJatSHvArukZHbVdJy6ynEQ1irxAw0O:uyVcGqu+pv7ACNhgH+Fy6T
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Event Triggered Execution: Image File Execution Options Injection
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Indicator Removal
2File Deletion
2Modify Registry
4