Resubmissions

03-11-2023 19:55

231103-ynbbhahe7x 10

18-09-2023 01:03

230918-betp6adf3z 10

General

  • Target

    NoBit.patched.exe

  • Size

    546KB

  • Sample

    231103-ynbbhahe7x

  • MD5

    5a5d6d6fade80634580e373be2c91924

  • SHA1

    e2b08b0bacb84128af910735c8ce8903483d1e03

  • SHA256

    669ba15b1fc970333c1ba980ba8ae143dbaacac92b4acb66df8d82a5c6fd6ba0

  • SHA512

    4d418df5d3fe56717b8f0a45d0fcd0dafc6435abc7c547f715b4262639eee212ccf90f7943750a80d54f9149e0f7b660296b971e53128519d2441dba192727b7

  • SSDEEP

    12288:oDQvjZR8N/3a4GY6bAYIV9MeOFv/glO0JhdBQqzma+v:WwR8dA2lO60oHcL

Malware Config

Targets

    • Target

      NoBit.patched.exe

    • Size

      546KB

    • MD5

      5a5d6d6fade80634580e373be2c91924

    • SHA1

      e2b08b0bacb84128af910735c8ce8903483d1e03

    • SHA256

      669ba15b1fc970333c1ba980ba8ae143dbaacac92b4acb66df8d82a5c6fd6ba0

    • SHA512

      4d418df5d3fe56717b8f0a45d0fcd0dafc6435abc7c547f715b4262639eee212ccf90f7943750a80d54f9149e0f7b660296b971e53128519d2441dba192727b7

    • SSDEEP

      12288:oDQvjZR8N/3a4GY6bAYIV9MeOFv/glO0JhdBQqzma+v:WwR8dA2lO60oHcL

    • Matrix Ransomware

      Targeted ransomware with information collection and encryption functionality.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (81) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks