Resubmissions

06-04-2021 16:38

210406-pa5tpj4bra 8

05-04-2021 09:13

210405-ald3l915jn 10

General

  • Target

    updated.exe

  • Size

    5.1MB

  • Sample

    210406-pa5tpj4bra

  • MD5

    e3749a1c5284b28ad7ded54ed747b6e0

  • SHA1

    c516f5af4ab59ec6750ac86d11f06ee1dd47a1dd

  • SHA256

    430039aeee4362784600b6b6994b72395c2666aa6d1ad30e6cbf1ed89ecbeaa9

  • SHA512

    acd1911e755d715b7c96ea278a6f4ea039884a85ac230913b1bd85b3f1ab6e322d9cbe9e9869a4c9eeeb5460ebeca9591b5e64d48789ded45d8bc0168ec22bb4

Malware Config

Targets

    • Target

      updated.exe

    • Size

      5.1MB

    • MD5

      e3749a1c5284b28ad7ded54ed747b6e0

    • SHA1

      c516f5af4ab59ec6750ac86d11f06ee1dd47a1dd

    • SHA256

      430039aeee4362784600b6b6994b72395c2666aa6d1ad30e6cbf1ed89ecbeaa9

    • SHA512

      acd1911e755d715b7c96ea278a6f4ea039884a85ac230913b1bd85b3f1ab6e322d9cbe9e9869a4c9eeeb5460ebeca9591b5e64d48789ded45d8bc0168ec22bb4

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks