58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60 | Triage

Sharing

General

Target

ransomware
Size

678KB
Sample

200630-ns1w3kbn4j
MD5

35271695a6202c514fef4520d49886ea
SHA1

8a7cc5c0f41ae45064a88ec67ab0e8a3ca2514f2
SHA256

58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60
SHA512

ff9e77f83fc28c4461cd335bb41b762e93ac57ad15c2489631ed4869a0c1d0fb94b1491629fcb29bb96629a5dcaaeedc9b31b07055d1465a14a685235fd8d4f9

Score

10^/10

evasion persistence ransomware spyware trojan

Malware Config

Targets

- Target
  
  ransomware
- Size
  
  678KB
- MD5
  
  35271695a6202c514fef4520d49886ea
- SHA1
  
  8a7cc5c0f41ae45064a88ec67ab0e8a3ca2514f2
- SHA256
  
  58290a95e1795ec7312e4ce26bfff7e0fb7a620a3aac2627d3ae6c83f5a4bf60
- SHA512
  
  ff9e77f83fc28c4461cd335bb41b762e93ac57ad15c2489631ed4869a0c1d0fb94b1491629fcb29bb96629a5dcaaeedc9b31b07055d1465a14a685235fd8d4f9
Score

10^/10

evasion trojan ransomware spyware persistence
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

File Deletion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasiontrojanransomwarespywarepersistence

behavioral2

ransomwarepersistencespywareevasiontrojan