68310e7362e3f6a42dfd3f30b1664d5bce98045d606ba9e321ae5a2aa12fb034 | Triage

Resubmissions

31/03/2025, 16:20

250331-ttgcgsttbw 10

31/03/2025, 15:33

250331-sy8rvssxgz 10

31/03/2025, 15:30

250331-sxh5tasxfs 3

Sharing

General

Target

EasyInstallerV2.exe
Size

954KB
Sample

250331-sy8rvssxgz
MD5

7dc8bd5f288db84de1673551e097091c
SHA1

74dc9cb4c1e34fa9fbdfd9f1368517136592ba4f
SHA256

68310e7362e3f6a42dfd3f30b1664d5bce98045d606ba9e321ae5a2aa12fb034
SHA512

57d7c3edd1de49aab4c83171adce94f2ef2b02a8ecc39db6f0e88f4541839f181e8b2b9a11b96f063577a3268796e55663473db533b2987fe9ea07ce8573f759
SSDEEP

12288:uLXxYS9cj/sTS9cj/ssFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDi:u7zMTMNNd+g5Wk78GBBjgrIQtDg

Score

10^/10

defense_evasion discovery persistence ransomware trojan

Malware Config

Targets

- Target
  
  EasyInstallerV2.exe
- Size
  
  954KB
- MD5
  
  7dc8bd5f288db84de1673551e097091c
- SHA1
  
  74dc9cb4c1e34fa9fbdfd9f1368517136592ba4f
- SHA256
  
  68310e7362e3f6a42dfd3f30b1664d5bce98045d606ba9e321ae5a2aa12fb034
- SHA512
  
  57d7c3edd1de49aab4c83171adce94f2ef2b02a8ecc39db6f0e88f4541839f181e8b2b9a11b96f063577a3268796e55663473db533b2987fe9ea07ce8573f759
- SSDEEP
  
  12288:uLXxYS9cj/sTS9cj/ssFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDi:u7zMTMNNd+g5Wk78GBBjgrIQtDg
Score

10^/10

defense_evasion discovery persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceransomwaretrojan