General
Target: 71e48d50a7bdd69e37145ad1ef6cab20.bin
Size: 10.1MB
Sample: 231119-cjzmmsgd97
MD5: 71e48d50a7bdd69e37145ad1ef6cab20
SHA1: d9cbe37743291b60668920f57544c24832736152
SHA256: a1341bb371ef7a98f3185d2525471c10c598ef0a1a4634da248f8c1320da199b
SHA512: b6fd19e3137f7b955f0e67bdc1181dd5db262414c21e89acc69d24081724566a3bf017b981321c05965173dbf501fc29dfeed410594ecc9f199a7287da5c9e13
SSDEEP: 196608:zRan/1sFBaajDpF4uK0F4DRSWYL7lg66T4Z98KzUCikzN0sSKsrG5dyX6Nofoa6R:ta/mFIbRY4A5XlgefhUCikzN0s/s0XNn
Static task: static1
Behavioral task: behavioral1, sample bitdender.exe, resource win7-20231020-en
Behavioral task: behavioral2, sample bitdender.exe, resource win10v2004-20231020-en
Behavioral task: behavioral3, sample winbin.exe, resource win7-20231020-en
Behavioral task: behavioral4, sample winbin.exe, resource win10v2004-20231023-en
Malware Config
Targets
Target: bitdender.exe
Size: 56KB
MD5: ca960a5f89e3d82dc4dec752e912fdc3
SHA1: 04b7b4939788b1055c0909eee3bc0e96cf483127
SHA256: b609555a43a2e1151f9ee7b028d0141034bfce25487ef2ec826d2af714e15ee5
SHA512: 9615aa809568cadc119f415cf159ccbf835fbd62241293cdef9288a42c6c57c2a416d0b68f21e160432a01895eaf406025b3bd9bb0c9ae7e93ab934008a34689
SSDEEP: 768:EvrNNeRBl5JFTXqwXrkgrn/9/HiDKGwRj4RcTdyH4pYT3nPKVU1EwDXEkMd:ONeRBl5PT/rx1mzwRMSTdLpJwDzM
Score: 10/10
Signatures:
- Modifies boot configuration data using bcdedit
- Renames multiple (122) files with an added filename extension. This suggests ransomware activity: encrypting files across the system.
- Renames multiple (233) files with an added filename extension. This suggests ransomware activity: encrypting files across the system.
- Modifies Windows Firewall
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
Target: winbin.exe
Size: 10.4MB
MD5: 268aa1421775fe7f6e40ac91425f20e2
SHA1: 0137a4aec5c3917736cba9da6f0e7813ae6a4fd4
SHA256: dbbe5b77d489f07ea45f6144dceb48762e40f371b03ded94ce5b3ae3f6b14aed
SHA512: c969fe63da4b4a196af8536bc3461b89e7170b6d19ac8b9f6a4c28627c37ecc77624cdea008fe0d9a35673dffcc3e26fe4cdf78aaec7daaa298f07dea16a0094
SSDEEP: 196608:nKVGZbn0FBOStqOPoo+/7KpBSgQdPLiY8L0jzw7Z0yG4hTcsoSoP2jvWLSlAHOeX:nUGJ0F45zLjKKVJLionG0yG4hTcsjoyQ
Score: 5/10
Signatures:
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)