Resubmissions

23-09-2021 15:15

210923-sm8bysege5 10

26-07-2021 12:41

210726-mpfkjgshnx 10

General

  • Target

    fcc2921020690a58c60eba35df885e575669e9803212f7791d7e1956f9bf8020.sample

  • Size

    21KB

  • Sample

    210923-sm8bysege5

  • MD5

    ce3cd1dab67814f5f153bccdaf502f4c

  • SHA1

    f246984193c927414e543d936d1fb643a2dff77b

  • SHA256

    fcc2921020690a58c60eba35df885e575669e9803212f7791d7e1956f9bf8020

  • SHA512

    015a9c54e65888cd0bf6e74ec26ddf42ba860b48ca56024a8f822be0cd56ed04fb80891ef21857f5ac65c97f6ecb050a1f1c33d1c5e9afddfcab0c59517a95e4

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
