1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7 | Triage

Sharing

General

Target

satan.exe
Size

184KB
Sample

241121-b4cg6sxcpg
MD5

c9c341eaf04c89933ed28cbc2739d325
SHA1

c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
SHA256

1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
SHA512

7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
SSDEEP

3072:H8SIBtQnE7OhssdWJ5jy392aCmCbBq0ryEbh/Wl7hqU6Q4NJ15xgDbvSY5thfRb3:c7qvhssdu5jyYaCmCQVE6hqUI5sb9Rb3

Score

9^/10

defense_evasion discovery execution impact persistence ransomware

Malware Config

Targets

- Target
  
  satan.exe
- Size
  
  184KB
- MD5
  
  c9c341eaf04c89933ed28cbc2739d325
- SHA1
  
  c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
- SHA256
  
  1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
- SHA512
  
  7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
- SSDEEP
  
  3072:H8SIBtQnE7OhssdWJ5jy392aCmCbBq0ryEbh/Wl7hqU6Q4NJ15xgDbvSY5thfRb3:c7qvhssdu5jyYaCmCQVE6hqUI5sb9Rb3
Score

9^/10

defense_evasion discovery execution impact persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionimpactpersistenceransomware

behavioral2

defense_evasiondiscoveryexecutionimpactpersistenceransomware