e04ca52275d940234c4cf1744c64712513319668dbf7a0d77111a03cf9fdba40 | Triage

Sharing

General

Target

Arata_Verdacrypt.ps1
Size

34KB
Sample

250328-yq2lgasms4
MD5

470f24b0d1fcbfaae2ba8286ab64f0f2
SHA1

cefe5f8886ed2468f7834c5ed0abafbee7083245
SHA256

e04ca52275d940234c4cf1744c64712513319668dbf7a0d77111a03cf9fdba40
SHA512

e108433b636de0454ff3cdb4822be12b84950e5cf32f63ded0b2d2d532f570357156e15aacd7a8b95aabcd7f4280609e1fcde32146883ab866e1d65600768715
SSDEEP

384:thz/snUBSzj5mMEEpi0D04eEMls/11AUfoUHaWPw3+4CFYV5jIyJu7Y:NM5mME00xEbrl6Yq+40+IF7Y

Score

10^/10

defense_evasion discovery execution persistence privilege_escalation ransomware

Malware Config

Targets

- Target
  
  Arata_Verdacrypt.ps1
- Size
  
  34KB
- MD5
  
  470f24b0d1fcbfaae2ba8286ab64f0f2
- SHA1
  
  cefe5f8886ed2468f7834c5ed0abafbee7083245
- SHA256
  
  e04ca52275d940234c4cf1744c64712513319668dbf7a0d77111a03cf9fdba40
- SHA512
  
  e108433b636de0454ff3cdb4822be12b84950e5cf32f63ded0b2d2d532f570357156e15aacd7a8b95aabcd7f4280609e1fcde32146883ab866e1d65600768715
- SSDEEP
  
  384:thz/snUBSzj5mMEEpi0D04eEMls/11AUfoUHaWPw3+4CFYV5jIyJu7Y:NM5mME00xEbrl6Yq+40+IF7Y
Score

9^/10

execution defense_evasion discovery persistence privilege_escalation ransomware
- Clears Windows event logs
  defense_evasion ransomware
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Power Settings

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Credential Access

Discovery

Query Registry

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalationransomware