General
Target
Mortgage Description.exe
Size
864KB
Sample
210211-1ntyqnmrc6
MD5
82ff2d4182e8d49b1553cfec4739011c
SHA1
f1605f87331b2c980db3757adcfafb065e318f67
SHA256
b57d694b6d1f9e0634953e8f5c1e4faf84fb50be806a8887dd5b31bfd58a167f
SHA512
85e5e7fab18b096d334d3bf7625e071690f89cd4dffb6c46d30d15f1ec190bfc11c08b8f261d7f59db93fd90e56b4fb84e9efbf99cb779fb6844d4a80772a188
Static task
static1
Behavioral task
behavioral1
Sample
Mortgage Description.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Mortgage Description.exe
Resource
win10v20201028
Malware Config
Targets
Target
Mortgage Description.exe
Score
8/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetThreadContext