General

  • Target

    e62a2f4c6b627c8a95b3260ea2871b9ca98f538842ae51e5e45ead45ec02d6df

  • Size

    16.1MB

  • Sample

    221028-tfx33sgedk

  • MD5

    9d2f493c94e4f454a657e0189bf2cccb

  • SHA1

    8951c86bab48477b5996d65602e21fa9c72bf0e2

  • SHA256

    e62a2f4c6b627c8a95b3260ea2871b9ca98f538842ae51e5e45ead45ec02d6df

  • SHA512

    46f3e989a89e5a83a4b2133c5e9e16ea83cf87808dce4d9d770c1dd87ea3887beabc4e506973e9ed82d5b151d0702989d76d6081f90316134eaa715ab724a4ad

  • SSDEEP

    393216:LAnF0gSwwQHg8TPUQfJXZ7JwD2nOMI9ZHA7:EnFjksJXZsMIH6

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks