Resubmissions

12-01-2022 19:19

220112-x1l34adgcp 10

12-01-2022 16:47

220112-vazkdsdcb6 10

General

  • Target: edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826.7z
  • Size: 867KB
  • Sample: 220112-vazkdsdcb6
  • MD5: 11756a255c9a65ce901933d6cdf406c3
  • SHA1: 99e967f539007f73a69ea79043d02af2cbeb68ad
  • SHA256: 7fec4b17ae054d493120bf3a12f063b80b7d4ba1312587af3a262ace48ccf615
  • SHA512: 772736c79b82ee806dbac2c20af96ae11c277a763b2bc30def9fe66f532c28249c57dd2d9c97e55b3f9c6c313c6426050bacfed04300c946191118464827aa6e

Malware Config

Targets

    • Target: edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826
    • Size: 2.7MB
    • MD5: fd7791be5fa43af1e9add98f15cf9c58
    • SHA1: 78a7c5facdbbb0584033dd57b25c4df854c48eb7
    • SHA256: edf745e4d22485a77b93437843023b27d072fcffb14ea91ca8f309b14d5c5826
    • SHA512: 1020f1c311403020e7a604d69509c9ccd3d4c5fca4a643045241db52455eb8380d883c7f8e6e4b75ab32a252ed9fd5c90e0ab254f1836e4fdddb1622291b371a

    • Deletes Windows Defender Definitions
      Uses the mpcmdrun utility to delete all AV definitions.
    • Modifies Windows Defender Real-time Protection settings
    • Modifies security service
    • Clears Windows event logs
    • Deletes shadow copies
      Ransomware often targets backup files to inhibit system recovery.
    • Modifies boot configuration data using bcdedit
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

MITRE ATT&CK Enterprise v6

Tasks