Resubmissions

  • 28-08-2021 12:40

    210828-axvm9xyx22 10

  • 26-08-2021 15:00

    210826-kld7gw2q5s 10

  • 25-08-2021 19:38

    210825-dcd224fcn6 10

General

  • Target

    5674818689204224.zip

  • Size

    806KB

  • Sample

    210828-axvm9xyx22

  • MD5

    234a7bd1365909bcb8e2fc223bc539f6

  • SHA1

    4d3f2774ead7f3cf1021bd77eded7637bca8cb81

  • SHA256

    369549d5ec95924a65e6ef292fc7b8e4c272ef10ee28e44f46d2e12cac9b715e

  • SHA512

    63d8717595396cdd7dc59c9b017d2422edcde68d4845d1e55d793041764ba321c21e9cb6c78d580be396257da1e8ba63fb25cdaa0ee841c6c48a97644dc2eba1

Malware Config

Targets

    • Target

      a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749

    • Size

      808KB

    • MD5

      504bd1695de326bc533fde29b8a69319

    • SHA1

      67f0c8d81aefcfc5943b31d695972194ac15e9f2

    • SHA256

      a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749

    • SHA512

      18c5b28bafb13edf47f6a2b803d9d9a914945f037b266a765f2a324842c5ef04ebda27eba31851d2d63e00779a42900e0edfe4ad5bd817eb4f43fa4d4e3a4767

    • Hive

      Ransomware written in Golang, first seen in June 2021.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks