General

  • Target

    a17f6e998007e7f4365c351379fa6b13.exe

  • Size

    3.3MB

  • Sample

    240107-yacx6sdeg2

  • MD5

    a17f6e998007e7f4365c351379fa6b13

  • SHA1

    3f5d5c3ddfd863cb46cf22d4622f4380df72c37f

  • SHA256

    b9ce6c007bf9c78878bd12a15b671eb80f530d1da16b94c2c600fd3169fc8f25

  • SHA512

    e26effe4759b960c0298b95025740d67b783473a9925b925c27be2eed050b937170ac5f71fd4dbf4ce23df06cd5e88ebad5489d53c0a96e31cfe300cfefe1fa6

  • SSDEEP

    24576:WMMpXS0hN0V0Hh6LTMMpXS0hN0V0Hh6LSw5:Dwi0L0qQEwi0L0qQ+w5

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks