Resubmissions

12-01-2022 19:26

220112-x5lm5adgdn 10

12-01-2022 16:51

220112-vc3d3adcd5 10

General

  • Target: c81917d8fe42d7d84686c3caedbb911d2d5dcbd2d1e0fec64b66b3301cad5a15.7z

  • Size: 831KB

  • Sample: 220112-vc3d3adcd5

  • MD5: ed51fe10b305f21973aa752847cee29d

  • SHA1: 09c1c0b3024e6dfbdbe1bc23bf9f0007642eb257

  • SHA256: 1cba1a291ce919947f88133cd5e57177a1a1585fcb91bc39f61fabccf52ca76a

  • SHA512: e8839432e0682dfe2a58eee82ccff46e44899ae85dfb6816bf671abf6bfbfe2fb99df11b304d4af3a59f28dc04f6c30755cb1abea43b815d5c07e7d414901292

Malware Config

Targets

    • Target: c81917d8fe42d7d84686c3caedbb911d2d5dcbd2d1e0fec64b66b3301cad5a15

    • Size: 2.6MB

    • MD5: e83823a144ac36854d9c007508c07e0a

    • SHA1: 4a9fa6364b55f85dca3ab6862a2fd73b67191098

    • SHA256: c81917d8fe42d7d84686c3caedbb911d2d5dcbd2d1e0fec64b66b3301cad5a15

    • SHA512: 6bc9e7f553991c1a17eb842f00d4f6562f7a2b6df41d5fc8818aae02258b09f23d180a30b3b036e0161b1f810cfb3683b95d22c90d7552ada0444478af430d07

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • Clears Windows event logs

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v6

Tasks