General

  • Target

    32c6fb13fe0585f81434e59316ba94a9251129bab90da8bb970645ffa54cb1ad

  • Size

    112KB

  • Sample

    230327-j58wrsee5v

  • MD5

    fa2bac4ec3b4956d76019d84f32f742a

  • SHA1

    de74a1b4d3f5b554da4c9f18f1dbda7b36bb50c8

  • SHA256

    32c6fb13fe0585f81434e59316ba94a9251129bab90da8bb970645ffa54cb1ad

  • SHA512

    942d7b9e88453ec6b15234fc48521faa0e60de5e36a1308442a11348c7b4e3f52cb7f7cadc932bdacbe0ce918008ab9ee34101a6bf4ed5c828673b4fe9860625

  • SSDEEP

    3072:pnUckGZcNbfgJZ/Rxn3nn3n0b4y+WVhvpv4gdCAB:pnUc1ZcNbfgJZ/Rxn3nn3n0cy

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks