2181199b28b86022e3f975a3cec5d0f56fc13cb6385627e4a288063ce0b9b433 | Triage

Sharing

General

Target

2.0.rar
Size

477KB
Sample

241120-qwls7sxbqc
MD5

20928a801cf74fa9f9e8ef76d3211109
SHA1

0d1b1815a441763c7732f237ea334e3dfbc20093
SHA256

2181199b28b86022e3f975a3cec5d0f56fc13cb6385627e4a288063ce0b9b433
SHA512

10ee8f796187459f87c6218f457d9c94d73b5f31750d8fdc5278d1ad27ad980fc9ca82162d111deb848ed11e7aa071ac6e9937afdf115d156462aefbe8f50ad8
SSDEEP

12288:wzs7p+jqPhwVO2KcMULjkUIHv7iDFasELvHyC3KTs:0Sp+jqP6ISMULjoW5wygIs

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  1d871d84ee02630558411e47c81ef2aa8bef8f6cd8daaf594f133f545f772c26.exe
- Size
  
  824KB
- MD5
  
  7d17a868abac9de81fe79087eee31471
- SHA1
  
  2d3f58ea051db43964243b8aefb7279e45e7bda9
- SHA256
  
  1d871d84ee02630558411e47c81ef2aa8bef8f6cd8daaf594f133f545f772c26
- SHA512
  
  85ec6c3cf0908b306712041fc9d971d27349641245c29f126e01443dcc6ccd78530c789b15d345938c194009c890b42f7c95bc65deae1ef7372e5744651f9540
- SSDEEP
  
  24576:ntfYkVVmFFFKvvvvvvvvvvvvvvvvms4AkVVmFFFKvvvvvvvvvvvvvvvvms4n:n+vnAvn
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2
- Target
  
  9aaeb479b6bb61b97d6843d8681229ec1873acd0b488d575d71956c8d1ad1b02.exe
- Size
  
  500KB
- MD5
  
  c8c3a98c2916e96f5b8f07aeeb740066
- SHA1
  
  c4920da5ce4f8912186dca18404ce7a9327c8dab
- SHA256
  
  9aaeb479b6bb61b97d6843d8681229ec1873acd0b488d575d71956c8d1ad1b02
- SHA512
  
  17bbde312e5fdbcc2766c5f0d5895dab72439844b8b2f89e4e3207a1c9396c8254ad0f2ce47ddb4c8081e9aabb9a61aa982babe47adfa0ba3e456c38d338e1e2
- SSDEEP
  
  12288:+uRvXH+lNAFAvcE4vIKvQDsORs0hqK4vF:+gfelySvcE4vIKvUTRsRK8F
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware

behavioral3

evasionpersistenceransomware

behavioral4

evasionpersistenceransomware