7ad75a6780417178b6026fe7f18a38dcb455e60d0f09391bbb9de6d9487c0526 | Triage

Sharing

General

Target

VixenCleaner.exe
Size

5.0MB
Sample

241121-alyr1swpgt
MD5

f896695ef615c4d5e09df4ccaa2984b5
SHA1

8f3517b2ecdf56d7372e7e89b35be6ee096f5292
SHA256

7ad75a6780417178b6026fe7f18a38dcb455e60d0f09391bbb9de6d9487c0526
SHA512

1aeb0b8f24354bce29df0855cd92456af1245f011918551ea383b2a9a1e0cd5add583b06fe541de771fd2507188e23446e022c0054187b20882e7c5393990516
SSDEEP

98304:Yxt16Pb/JC9apF5i6QzMffuhWMrd4wg4R6qVUlYL5jGTUp4c4gU:Yz8D/g9vzwfuo+2wz7VjGAp

Score

9^/10

defense_evasion discovery evasion execution impact ransomware

Malware Config

Targets

- Target
  
  VixenCleaner.exe
- Size
  
  5.0MB
- MD5
  
  f896695ef615c4d5e09df4ccaa2984b5
- SHA1
  
  8f3517b2ecdf56d7372e7e89b35be6ee096f5292
- SHA256
  
  7ad75a6780417178b6026fe7f18a38dcb455e60d0f09391bbb9de6d9487c0526
- SHA512
  
  1aeb0b8f24354bce29df0855cd92456af1245f011918551ea383b2a9a1e0cd5add583b06fe541de771fd2507188e23446e022c0054187b20882e7c5393990516
- SSDEEP
  
  98304:Yxt16Pb/JC9apF5i6QzMffuhWMrd4wg4R6qVUlYL5jGTUp4c4gU:Yz8D/g9vzwfuo+2wz7VjGAp
Score

9^/10

defense_evasion discovery evasion execution impact ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Windows Management Instrumentation

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Direct Volume Access

Impair Defenses

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Service Stop

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryevasionexecutionimpactransomware