Resubmissions

12-01-2022 19:26

220112-x5ql3sdgdr 10

12-01-2022 16:53

220112-vdzdssddcl 10

General

  • Target: 5baa791a0bcaff60080472bfa434631bc7524b8a10989ed6e7b200f010cb8e1d.7z
  • Size: 958KB
  • Sample: 220112-vdzdssddcl
  • MD5: 4d4c8a1799c1cad6df3f8cfc82294d6e
  • SHA1: 5779e8fc0170be5cf30b01bf5b3d1e19bbaf6dd8
  • SHA256: e27dcfb10467613e5ee52796f378f4983bce3f5beb8bc372cbd05da28691fd0d
  • SHA512: 9e30dd3e720d744a5e27a234654d46cbb1afdc106c8c3a9660e659a04330f1ae4768505dd96fc906985a0e5382e4091ca5006adcb16afaf1c258f43efc9531e9

Malware Config

Targets

    • Target: 5baa791a0bcaff60080472bfa434631bc7524b8a10989ed6e7b200f010cb8e1d
    • Size: 3.1MB
    • MD5: f5d7efaec3c1274b0aaa704a6caa1671
    • SHA1: ec5c25e1cee1dca5c75baf5a6e3bec69441959dc
    • SHA256: 5baa791a0bcaff60080472bfa434631bc7524b8a10989ed6e7b200f010cb8e1d
    • SHA512: dab0a8060e9012706ae6ba46adeb2f18e5edecdc187e856989236dd0edb46ed7912cee97cee1c9fb075724c5d736b07e418991d1a3793bee6770d51618dd607f

    Observed behaviours:

    • Deletes Windows Defender Definitions
      Uses the mpcmdrun utility to delete all AV definitions.

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • Clears Windows event logs

    • Deletes shadow copies
      Ransomware often targets backup files to inhibit system recovery.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v6

Tasks