General

  • Target

    aa7ce605daabaafbff68fc30a49de38d432c94b747112ca9250218b4a9971a6f

  • Size

    239KB

  • Sample

    230327-j5s6baee4w

  • MD5

    9377569bf4ce92516d9f4a6ba7be2e0d

  • SHA1

    e75c7fdcde768ab52e0b81f116a908fa7d65aac4

  • SHA256

    aa7ce605daabaafbff68fc30a49de38d432c94b747112ca9250218b4a9971a6f

  • SHA512

    3e8d710b088b37c35c9c151efae4b2c4f2577c638d578099fe88f719c6a243e1017eb8d1ce16d1c010967ab2fd94d534b4923b3d8a5f597cc6e5b935c961040f

  • SSDEEP

    6144:Z3XUOYVLZCoBeT0g91iuahxY06/LL2EmJadNOQB9:pgLZfBeT0g91fahI/Lp4Q

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks