282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636.bin.sample

General

Target: 282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636.bin.sample
Size: 52KB
Sample: 211020-ntmllshaa3
Score: 8/10
MD5: 28945b625617cfdcc444b428de0a7a00
SHA1: 9cab670cd0d11e901cdb3f197aa18f1a6e2930ba
SHA256: 282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636
SHA512: eab6d0816c972a435e11e195194699748058127203bc726061689f986d6dbc49978b4e78b7f93d550233f2f22046888b938ad8ac9c4cf01cfb3de08cf642f19d

Signatures

  • Executes dropped EXE

  • Modifies Installed Components in the registry
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension on encrypted files.

  • Deletes itself

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Drops desktop.ini file(s)

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry; Peripheral Device Discovery; System Information Discovery
