General

  • Target

    0508410a90facaexeexeexeex.exe

  • Size

    146KB

  • Sample

    230705-sdvdqseg3y

  • MD5

    0508410a90faca4e6353bb49ebbf6333

  • SHA1

    08c324fa6adac4171a2408104fdf62ac0390f9bd

  • SHA256

    3d2090c3065f7a037b043f67b0e5cda6541a112ff84f284141a61564c28a0bce

  • SHA512

    8a8ad82a8dd9ae1f783c73dc31329c2d26141887aeecfcdd56e079cb4a7ca8638da6f4f1113beb6d20ed9ec177b9c877e6253423576152b414380877fc47dcb8

  • SSDEEP

    3072:0qJogYkcSNm9V7DpQKHO48WDE7RygKOT:0q2kc4m9tDpQkO4DDBg

Malware Config

Targets

    • Renames multiple (346) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Renames multiple (599) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks