f02c37f619d4bd2d0b16092a95599a59b45def9e18f46d733c8a885ffd776bbf | Triage

Sharing

General

Target

220105-edpatsabeq_pw_infected.zip
Size

127KB
Sample

241120-sqtyqstjgk
MD5

f7e64237f3f1bf0f476aa8e368e564a3
SHA1

83a18316640bbd5bd115ebb6072f3a4c2a41245f
SHA256

f02c37f619d4bd2d0b16092a95599a59b45def9e18f46d733c8a885ffd776bbf
SHA512

427bab03cf41a311ac8a2bcc5226cb653b6b00d4ff0adff62a173a220bf862350a40e00b1f1848e2db10a9b23ae92b641e8dd034112476fb60c938107973c923
SSDEEP

3072:jjOeD7z15hPNDgvJ714Gx9dzo2iPoX27q9HEnwJ3lw3G9fi:jjnh599EhiPUEqDVJK

Score

10^/10

discovery evasion persistence ransomware

Malware Config

Targets

- Target
  
  Ransomware.exe
- Size
  
  226KB
- MD5
  
  d84b539729ac3e998beb543a31a698cc
- SHA1
  
  9fd3145c32b13a99cc9bb90f4a365615504eafe1
- SHA256
  
  78bd79e04587e7cb4e0822ef430badd710aa1f10e5e227a6226ca17cca8a8c27
- SHA512
  
  1af2784a2d71ddaf9b110b8e70f2fc3e96e8f2da08c02bcd6dd7e74416b8695794f0a5890cb41b3dee411a2d3f716682afe7fd10740a79a70c139fb79f00c15e
- SSDEEP
  
  3072:BQqYoq/mfae47e4frk8feIy4yLahVxjrRKzHA86mgsFlI3ToCku5rRspB:4/SI7ffrzfs4yLajx888XDI3T/kAE
Score

10^/10

discovery evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionpersistenceransomware

behavioral2

discoveryevasionpersistenceransomware