General

  • Target

    b8e6a86931f8f8exeexeexeex.exe

  • Size

    146KB

  • Sample

    230709-vfj2wseg32

  • MD5

    b8e6a86931f8f88e477ed47c905e6257

  • SHA1

    b0387babcf97e76a7b77f5651d9f0acfc1ee72ca

  • SHA256

    5ae77146d8a1ebf6eadc18246fda5dc542046e277504f686dbaa0500a447b6c6

  • SHA512

    6717caa6b2c8a1d67d6950790a5334f79605066c9e721ef195667646688c77fc73754ce3b3f44de54d835060612063e4b6af361324263772cadadd8037108c83

  • SSDEEP

    1536:FzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqDbviSiwhuHX24XFRQTMiKdtUk:GqJogYkcSNm9V7DeiSlxeFmrKbT

Malware Config

Targets

    • Renames multiple (337) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and renaming them.

    • Renames multiple (769) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and renaming them.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks