General
-
Target
BUG32.exe
-
Size
3.0MB
-
Sample
230509-xqvbqafe2x
-
MD5
149cc2ec1900cb778afb50d8026eadf5
-
SHA1
a7bc1bbc7bdc970757ec369ef0b51dc53989f131
-
SHA256
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
-
SHA512
d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553
-
SSDEEP
49152:Or2U5IahDUGN97rkqOAackLjQ0rZEAh3oA6wHE+K60Kk0aCLkfAZKt0OJTcL:4H2ahFNNrg3QbQoA6wHEnFN4IJu
Static task
static1
Behavioral task
behavioral1
Sample
BUG32.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
BUG32.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
BUG32.exe
-
Size
3.0MB
-
MD5
149cc2ec1900cb778afb50d8026eadf5
-
SHA1
a7bc1bbc7bdc970757ec369ef0b51dc53989f131
-
SHA256
817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
-
SHA512
d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553
-
SSDEEP
49152:Or2U5IahDUGN97rkqOAackLjQ0rZEAh3oA6wHE+K60Kk0aCLkfAZKt0OJTcL:4H2ahFNNrg3QbQoA6wHEnFN4IJu
Score10/10-
Modifies WinLogon for persistence
-
Blocklisted process makes network request
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies system executable filetype association
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v6
Persistence
Change Default File Association
1Hidden Files and Directories
1Winlogon Helper DLL
1Defense Evasion
Bypass User Account Control
1Disabling Security Tools
1Hidden Files and Directories
1Modify Registry
4