General

  • Target

    a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b

  • Size

    622KB

  • Sample

    221126-x8lsascf6t

  • MD5

    0ff10287b4c50e0d11ab998a28529415

  • SHA1

    d44462becb1770b6477e1f15d12f78d17f7f11b8

  • SHA256

    a1ec0b75d780b18b03b3185d2a3a3f8107ebf2742756409ce7d8776e4139e38b

  • SHA512

    7c18741724e22545a5a49d80bac593c4f9ccb82880e8814543f9ecc98a0329a7551cbef19b77f19eb51d87ea96aacaa43232d58282329408b2181032dcedf8cb

  • SSDEEP

    12288:w7iCIiNAQBrsU055lu329bWPVu7ziF7aqlqFXM5I56BsJLT5kjQ67ThpkU:YpnAbl55luQbWgCFh0FqI5HLT5kjQ6vc

Malware Config

Targets

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1

Tasks