4f5aa071b2a076aa3cdff8c39900e4e30d9ae268592e1f0da0b3b45960f59e82 | Triage

Sharing

General

Target

BPFA.exe
Size

2.4MB
Sample

250415-yg6ttszpw4
MD5

365bf9812eba8d96ae4638ad64ec012a
SHA1

75dc6415bdc2a3f1414eb0acecd93884f22d6f94
SHA256

4f5aa071b2a076aa3cdff8c39900e4e30d9ae268592e1f0da0b3b45960f59e82
SHA512

6ea7df3aec40915b71c2d841aad4d6d9806cdeca2a776cf78b64b215dfbb880a0ca2fff7635893b127af6a56ab88698faedc57430220c04e94666dbd0d749b60
SSDEEP

49152:KYsjqFhUmKSbmPAmppd4fnz+Crjj6Pxpdna7+1yPw5pOSTgaYsj:ujqF+7vPvd4fniCYxpda7syPCOSMej

Score

8^/10

defense_evasion discovery persistence ransomware

Malware Config

Targets

- Target
  
  BPFA.exe
- Size
  
  2.4MB
- MD5
  
  365bf9812eba8d96ae4638ad64ec012a
- SHA1
  
  75dc6415bdc2a3f1414eb0acecd93884f22d6f94
- SHA256
  
  4f5aa071b2a076aa3cdff8c39900e4e30d9ae268592e1f0da0b3b45960f59e82
- SHA512
  
  6ea7df3aec40915b71c2d841aad4d6d9806cdeca2a776cf78b64b215dfbb880a0ca2fff7635893b127af6a56ab88698faedc57430220c04e94666dbd0d749b60
- SSDEEP
  
  49152:KYsjqFhUmKSbmPAmppd4fnz+Crjj6Pxpdna7+1yPw5pOSTgaYsj:ujqF+7vPvd4fniCYxpda7syPCOSMej
Score

8^/10

defense_evasion discovery persistence ransomware
- Disables Task Manager via registry modification
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceransomware

behavioral2

defense_evasiondiscoverypersistenceransomware