97171b9d6743959ee9873ea8ab1a6ea9a2cf66158cf478642bfde38b03639554 | Triage

Sharing

General

Target

Retrac.zip
Size

1.6MB
Sample

250330-ya2xasvyfv
MD5

0027a83e8a8fb4600c9962d4d688fa69
SHA1

44413383671520d7e5dd0a5ff4688f6f1f1e9fad
SHA256

97171b9d6743959ee9873ea8ab1a6ea9a2cf66158cf478642bfde38b03639554
SHA512

564c342735e5ecfe5e7d481d1c1f9ef97fcec5b70d1d5a4dfd13f3ca1081bef7371b0941286e64e85d8e825a12997d441ce03680a70ffbb2d186afddb751c2fd
SSDEEP

49152:350n1gjeC9tJXGjXBnU9C0j7vQ8izMGwPHRaRVX8tA8Q:3E1M1JXGjXBnX0no8iYGWHmVMtA8Q

Score

9^/10

defense_evasion ransomware

Malware Config

Targets

- Target
  
  Retrac.zip
- Size
  
  1.6MB
- MD5
  
  0027a83e8a8fb4600c9962d4d688fa69
- SHA1
  
  44413383671520d7e5dd0a5ff4688f6f1f1e9fad
- SHA256
  
  97171b9d6743959ee9873ea8ab1a6ea9a2cf66158cf478642bfde38b03639554
- SHA512
  
  564c342735e5ecfe5e7d481d1c1f9ef97fcec5b70d1d5a4dfd13f3ca1081bef7371b0941286e64e85d8e825a12997d441ce03680a70ffbb2d186afddb751c2fd
- SSDEEP
  
  49152:350n1gjeC9tJXGjXBnU9C0j7vQ8izMGwPHRaRVX8tA8Q:3E1M1JXGjXBnX0no8iYGWHmVMtA8Q
Score

1^/10
behavioral1 behavioral2
- Target
  
  Retrac.exe
- Size
  
  932KB
- MD5
  
  2fd21c9c29f8761865340fc9efb530c4
- SHA1
  
  ba5f8d1ebd67e6aa0d596ee6a102fec681b83e7c
- SHA256
  
  236b42ab76fcda6d8914e56ee80d0372e8552e7bc96942412c5e63ebb2980d64
- SHA512
  
  78ba5da96511d28927e7442001757d9138c70154977580a4cd8fadc44831b92c6724b5e0a00e30494ff9f3c553d2cc967cd412515152c85cf73d4a9559487dec
- SSDEEP
  
  12288:tjMsQ7auPRHrnNtinnsrHD+3/4Y6EW5lRXi0kyf+zB1FPN:NMsnuPRHrnLinCHK3Z6EElw3yf+Nj
Score

9^/10

defense_evasion ransomware
- Clears Windows event logs
  defense_evasion ransomware
- Indicator Removal: Clear Persistence
  Clear artifacts associated with previously established persistence like scheduletasks on a host.
  defense_evasion
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral3 behavioral4
- Target
  
  Vanguardmapper.exe
- Size
  
  134KB
- MD5
  
  e1cbb6cc58f3ed1bc81f59bea5b1db3c
- SHA1
  
  a9ce68cc285c5794546adeddfbdefb4328151511
- SHA256
  
  60972c9864e6edb571f6d8cfa93853ff48c2c1e07f36f2b6ff0673dfbc4b010a
- SHA512
  
  660487d13692b13130c199f52b5713799349610df16a0287655947654d643162593382abc1ccb9e7e3a867377bc2aa239f0973dd0223276e12cc2b00d51f3950
- SSDEEP
  
  3072:dOppprNqCoYbBKSgFKO+U89rPmJTQSaMm5/6103ooo:dOp/r8CoYtjA+ZEWl4coo
Score

1^/10
behavioral5 behavioral6
- Target
  
  drv.sys
- Size
  
  16KB
- MD5
  
  52ac327ca665edaf91d7df173941150c
- SHA1
  
  53e3a09585b0104d1069ee65e69c5f7ddbdcdbb7
- SHA256
  
  9b23931faa828862e547458ba8c0f35ee894b88e1f021ccd5f2461bf03433fa4
- SHA512
  
  97d5e82d6e3ef5fb73d7e7ffee19b1f05b87a76502503e354615ea7251256359e2c81b018e72ce7f462c7b93a0944bc64567dab5dca2d338dc7f2b2fb12771ca
- SSDEEP
  
  384:0fDb54vGnZXy8FCyvYv7z+Nyb8E9VFzSJIVbvB/pQT92:0hnZXdFbvYvnGEsGvB/pU2
Score

1^/10
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Persistence

Clear Windows Event Logs

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

defense_evasionransomware

behavioral4

defense_evasionransomware

behavioral5

behavioral6

behavioral7