General

  • Target

    33228a20a7e985f02e2ddd73cccde729.bin

  • Size

    93KB

  • Sample

    230623-bkvveacc6s

  • MD5

    0367e08a011aff22afd0b86c4776b5ea

  • SHA1

    d38030649235377b9ae7b9a39ac5887b60a03da0

  • SHA256

    b6a327a1ad5d004644941461a7281df84f01e44ad80ae42e36f5fb216ba7e53d

  • SHA512

    6a3863ac1b570160731641c358033da19bf666d97b2ab10a2ea2c09ddca6f61102cfcf79d343e4b35b33112c4d18f7df14c7316dd8d0d5e6ca18e851f240fb57

  • SSDEEP

    1536:1Ql1+DNda293ysT3MG929UBD14//1Uq48GUNAWEq1pBAx/swvaBKnDrE6XLTCTcJ:qcNT9iAM02+o/eOruWEq1nwtDrE6XvqK

Malware Config

Targets

    • Target

      0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194.exe

    • Size

      146KB

    • MD5

      33228a20a7e985f02e2ddd73cccde729

    • SHA1

      58ab960e629a609d135e1988c72f2991e5f76e30

    • SHA256

      0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194

    • SHA512

      075002dd1b0f8e536c1ff99d30368f5adfc90a2f3e7a74c9770119e7b54a5851236657b7edcb735d457e78a7e67b7c285b6ceaa6ca2907542ac208dfc8c9aabe

    • SSDEEP

      3072:36glyuxE4GsUPnliByocWepqFPUBwrqveV84:36gDBGpvEByocWe8MB4G

    • Renames multiple (305) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system.

    • Renames multiple (735) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks