Resubmissions

25-10-2022 00:57  221025-ba2vzabbel  9
19-10-2022 05:41  221019-gdw2saegg3  1
19-10-2022 05:38  221019-gb4c3segf5  1
19-10-2022 05:36  221019-ganw1aegf3  1
19-10-2022 05:34  221019-f9raqsfdbr  8
19-10-2022 05:29  221019-f6qj2aegd4  8
19-10-2022 05:28  221019-f6b2msegd3  6
19-10-2022 05:26  221019-f45wyafchq  6
19-10-2022 05:10  221019-ftnjxafcen  9
19-10-2022 04:53  221019-fh358aefg9  8

General

  • Target

    http://we.tl/t-ZRlwhHea1p

  • Sample

    221019-fh358aefg9

Malware Config

Targets

    • Target

      http://we.tl/t-ZRlwhHea1p

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks