General

  • Target

    Trojan-Ransom.Win32.Blocker.fhfs-bd1c01975c2fe3bdea8b2c7de53ccdc12a5fccaae00cbf2ad202a3bf7b905271

  • Size

    213KB

  • Sample

    221106-zfvwlsahh3

  • MD5

    8f87064ff0fa9537bf730c31fc6e5812

  • SHA1

    db42bab1e2520059b1dd5a4fcb506a9b8879d476

  • SHA256

    bd1c01975c2fe3bdea8b2c7de53ccdc12a5fccaae00cbf2ad202a3bf7b905271

  • SHA512

    dc7320c2ab6b55e42bca10f7c033564bcbad78661a217161371c674f5ea0a6229e49e9a8e23802cddb4fc5f752a7d20d25b7cb5095164d686e3cdeb6c544739b

  • SSDEEP

    6144:NfM8H/CEYmoa4VQhnx9KB4uU4sLL3gHovIMToSe:/RYxaGQo4uU4sLL3gLMToSe

Malware Config

Targets

    • UAC bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks