General

  • Target

    163e651162f292028ca9a8d7f1ed7340.bin

  • Size

    334KB

  • Sample

    230331-bd2z5shd6t

  • MD5

    ff32bdfe64b6ba3c3e21b76d978ba1f7

  • SHA1

    31c9964a21b67b19592652dad42bd2f14571afc1

  • SHA256

    7e62ba5d20453f60bdda8e67caa3eb91b4b6c3cca5203d206757b4b339eb24cb

  • SHA512

    54c0dbb1425263ca891cffeb378a5f9ba8baba8f67ce0864f54e12ecc3bcb7c9a9ca54aae1ccb91ab73a71cfc5e04fe9a57ea4061e98af6324b58a5c1f7eff3b

  • SSDEEP

    6144:qVpdyLkiFyRnGknCXS4ws3hPorz1Z4BwgIfa6aXEFahT08BzxshI/pVgMJbu9q9p:qVbyAHoXYsRgNZ4R5XwaFt3pVBoYr

Malware Config

Targets

    • Target

      bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe

    • Size

      720KB

    • MD5

      163e651162f292028ca9a8d7f1ed7340

    • SHA1

      a85ff9091f298ea2d6823a7b0053daa08b237423

    • SHA256

      bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b

    • SHA512

      f1cd02b07219d40d489b8000a92e20fca0c3e536a7dde25b98b7be0ce54a46349dcea9e66bef8f7fbd895ce7e5b22e3f3a46fbb9c7dcea4185b3937384f1649f

    • SSDEEP

      12288:A+2ZzbQ32UC1pC0q1oJn2OR9YA/SnHaetVkiIGjltRztp:A+4OECVCn2OR9r/kaetNIOtZ

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
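
    As an added illustration, not part of the sandbox report and not the sandbox's own detection rules, the Python below maps a constructed stream of process, registry and file events onto the four behaviour signatures listed above. The command lines, registry keys and browser profile paths it keys on are this editor's assumptions about what each signature typically fires on; the sample events are constructed to mimic the behaviours in this report.

```python
"""Classify constructed sandbox events against the four behaviour
signatures in the report.  Added example: the indicators below are the
editor's assumptions, not the sandbox's rules."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Event:
    kind: str     # "process" (command line), "registry" (key path) or "file" (path opened)
    target: str


# Assumed indicators per signature (not taken from the report).
SHADOW_COPY_CMD = re.compile(
    r"\b(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog)", re.IGNORECASE)
GEO_KEYS = (
    r"\control panel\international\geo",                # HKCU ...\Geo\Nation holds the GeoID
    r"\system\currentcontrolset\control\nls\language",  # HKLM system language
)
BROWSER_ARTIFACTS = (
    r"\google\chrome\user data",    # Chromium "Login Data", "Cookies", ...
    r"\microsoft\edge\user data",
    r"\mozilla\firefox\profiles",   # logins.json / key4.db
)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.IGNORECASE)   # bare root such as D:\

SIG_SHADOW = "Deletes shadow copies"
SIG_GEO = "Checks computer location settings"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_DRIVES = "Enumerates connected drives"


def match_event(ev: Event) -> List[str]:
    """Return the signature names a single event triggers (possibly none)."""
    hits: List[str] = []
    t = ev.target.lower()
    if ev.kind == "process" and SHADOW_COPY_CMD.search(ev.target):
        hits.append(SIG_SHADOW)
    elif ev.kind == "registry" and any(k in t for k in GEO_KEYS):
        hits.append(SIG_GEO)
    elif ev.kind == "file":
        if any(a in t for a in BROWSER_ARTIFACTS):
            hits.append(SIG_BROWSER)
        m = DRIVE_ROOT.match(ev.target)
        if m and m.group(1).upper() != "C":   # root of any drive other than the default C:
            hits.append(SIG_DRIVES)
    return hits


def classify(events: Iterable[Event]) -> Dict[str, List[Event]]:
    """Group the triggering events under each fired signature."""
    out: Dict[str, List[Event]] = {}
    for ev in events:
        for sig in match_event(ev):
            out.setdefault(sig, []).append(ev)
    return out


def triage(events: Iterable[Event]) -> List[str]:
    """Sorted names of the signatures fired by an event stream."""
    return sorted(classify(events))


# Constructed event stream mimicking the behaviours reported for the sample.
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    Event("registry", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    Event("file", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file", "C:\\"),    # default drive: must not count as enumeration
    Event("file", "D:\\"),
    Event("process", r"C:\Windows\System32\notepad.exe"),   # benign noise
]

if __name__ == "__main__":
    for sig, evs in classify(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
```

    Running the module prints one line per fired signature; the C:\ root open is deliberately ignored so that ordinary file activity on the system drive does not trip the drive-enumeration signature.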

MITRE ATT&CK Enterprise v6

Tasks