General
- Target: Trojan-Ransom.Win32.TeslaRvng.o-720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1.7z
- Size: 387KB
- Sample: 250501-14648agk9t
- MD5: 8437f085c8a9a66a8c11bf2928b6a759
- SHA1: 769725ab08eddfac94426ffec802eade43a249ac
- SHA256: 8aa2824307186620f05acaa06084a62342880d333792aa01b170a2b48d073392
- SHA512: 31155193e7a78fc7ba36bc8729414915c1939e04040589ea1d906ee3eb56c8718369c8fbc5ae33ea32c9802072d58a2b7214f92ccec8fcd7dc198651b3786f30
- SSDEEP: 6144:tzUf13Pm6JvOZckyTC9kK2RWs8IbfeRSb4MqwKOyPWe7:OfVJrTgdNIbcg4MqwDyOa
Static task: static1

Behavioral task: behavioral1
- Sample: Trojan-Ransom.Win32.TeslaRvng.o-720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1.exe
- Resource: win10v2004-20250410-en
Malware Config

Targets
- Target: Trojan-Ransom.Win32.TeslaRvng.o-720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1.exe
- Size: 1.0MB
- MD5: 7665499f2a1dfd55439c266831f1584d
- SHA1: da39a7bcbd898900b42a2a053bf040b9c89ca1b9
- SHA256: 720dda988f52c63aa949df9a7b4c5d3e7bd1aa52eda88f965f1d62385f18eaf1
- SHA512: e524fbc30276c75f77b38d69ce8b4a5f37df76953f99e40a459ac368cca5f3ae978162f3da66aeb45d737e2a047b116cc541a4ff1e480d5fc04153277b69e35c
- SSDEEP: 12288:IZQcFp9J2/XSjp8cqNUfZ3QKgfS0Z0s9k/B+ojmBNgOR1y/K:fcFp9J2XSjp8cP/D0Zlkp+KNo1
Signatures
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Creates new service(s)
- Stops running service(s)
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v16
Execution
- System Services (2)
- Service Execution (2)
- Windows Management Instrumentation (1)
Defense Evasion
- Direct Volume Access (1)
- Impair Defenses (1)
- Indicator Removal (2)
- File Deletion (2)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)