General
-
Target
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
-
Size
3.0MB
-
Sample
220305-w9v7paghg8
-
MD5
149cc2ec1900cb778afb50d8026eadf5
-
SHA1
a7bc1bbc7bdc970757ec369ef0b51dc53989f131
-
SHA256
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
-
SHA512
d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553
Malware Config
Targets
-
-
Target
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
-
Size
3.0MB
-
MD5
149cc2ec1900cb778afb50d8026eadf5
-
SHA1
a7bc1bbc7bdc970757ec369ef0b51dc53989f131
-
SHA256
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
-
SHA512
d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553
Score10/10-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
UAC bypass
-
Blocklisted process makes network request
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Winlogon Helper DLL
1Change Default File Association
1Hidden Files and Directories
1Defense Evasion
Modify Registry
4Bypass User Account Control
1Disabling Security Tools
1Hidden Files and Directories
1