General

  • Target

    63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806.ps1

  • Size

    1.6MB

  • Sample

    201005-xfm57h7c1j

  • MD5

    c171bcd34151cbcd48edbce13796e0ed

  • SHA1

    2770fec86275dfb1a4a05e2d56bc27a089197666

  • SHA256

    63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806

  • SHA512

    d25cbb70dae9bcc49d32c15300734879fe4c1b7ae35cb5affab50e8a61ae7226832b278d846f76f7eedc3a1baf35e2aec4e8c364eab99cddb00c2ffeb97283da

Malware Config

Targets

    • Target

      63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806.ps1

    • Size

      1.6MB

    • MD5

      c171bcd34151cbcd48edbce13796e0ed

    • SHA1

      2770fec86275dfb1a4a05e2d56bc27a089197666

    • SHA256

      63ba6db8c81c60dd9f1a0c7c4a4c51e2e56883f063509ed7b543ad7651fd8806

    • SHA512

      d25cbb70dae9bcc49d32c15300734879fe4c1b7ae35cb5affab50e8a61ae7226832b278d846f76f7eedc3a1baf35e2aec4e8c364eab99cddb00c2ffeb97283da

    • SunCrypt Ransomware

      Family which threatens to leak data alongside encrypting files. Has claimed to be collaborating with the Maze ransomware group.

    • Blacklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks