Analysis tabs (score out of 10 for each run; file names are truncated as on the page)
Overview (overview): 10
Static (static): 10
075F9A8B9A...C5.exe, windows7-x64: 1
075F9A8B9A...C5.exe, windows10-2004-x64: 1
145F7ABE9A...EA.exe, windows7-x64: 10
145F7ABE9A...EA.exe, windows10-2004-x64: 10
1A99AC759F...31.exe, windows7-x64: 3
1A99AC759F...31.exe, windows10-2004-x64: 3
1BE33E4291...2D.exe, windows7-x64: 10
1BE33E4291...2D.exe, windows10-2004-x64: 10
2188BAE387...0C.dll, windows7-x64: 3
2188BAE387...0C.dll, windows10-2004-x64: 3
22F524ABC9...92.exe, windows7-x64: 10
22F524ABC9...92.exe, windows10-2004-x64: 10
33381793BD...5E.exe, windows7-x64: 1
33381793BD...5E.exe, windows10-2004-x64: 1
61C0810A23...A1.exe, windows7-x64: 1
61C0810A23...A1.exe, windows10-2004-x64: 1
676A2A0D88...CB.exe, windows7-x64: 7
676A2A0D88...CB.exe, windows10-2004-x64: 7
73D29DEAC4...09.exe, windows7-x64: 1
73D29DEAC4...09.exe, windows10-2004-x64: 1
81EFD50EB3...29.exe, windows7-x64: 7
81EFD50EB3...29.exe, windows10-2004-x64: 7
8E83C0F656...07.exe, windows7-x64: 10
8E83C0F656...07.exe, windows10-2004-x64: 10
99CA9F3245...E2.exe, windows7-x64: 5
99CA9F3245...E2.exe, windows10-2004-x64: 5
B1E12D0216...06.exe, windows7-x64: 10
B1E12D0216...06.exe, windows10-2004-x64: 10
C6185A23C5...C8.exe, windows7-x64: 10
C6185A23C5...C8.exe, windows10-2004-x64: 10
CDCFEDDB0A...3E.exe, windows7-x64: 10
CDCFEDDB0A...3E.exe, windows10-2004-x64: 10

General
Target: Sam.zip
Size: 71.0MB
Sample: 240112-rnw5msacg6
MD5: aeca1da0def416e2bade2fce8fb795c2
SHA1: 1a3b59b99f90280eea93d964ba36b15f2fbce772
SHA256: 3ca0bf28baacf269c3f6a7215516ae6c2181487f006f192ecac3537595a792c2
SHA512: ce4fb3b30f4246ecfaea97d653a9cbe5193869e05980168f2ae972715fc9ba8f0f47d592e2d7ed75d4cef998f728c31335f01fb036f7b20b6e29218225f8eaf9
SSDEEP: 1572864:KSppUOHAPdPLq90QO7q52M8x47QzCLJwg4Opy+DMRNrID9:PppUxY2TOkM8xytLJ0OpSJy9
Behavioral tasks (sample, sandbox image)
behavioral1: 075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5.exe, win7-20231215-en
behavioral2: 075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5.exe, win10v2004-20231215-en
behavioral3: 145F7ABE9ABFFD0422F1C1F4CF429E89FD9D3BE93E6C3A0DD852DB708992C4EA.exe, win7-20231215-en
behavioral4: 145F7ABE9ABFFD0422F1C1F4CF429E89FD9D3BE93E6C3A0DD852DB708992C4EA.exe, win10v2004-20231215-en
behavioral5: 1A99AC759FCD881729B76C2904476B4201E794DF2D0547C954EA37BE7C153131.exe, win7-20231215-en
behavioral6: 1A99AC759FCD881729B76C2904476B4201E794DF2D0547C954EA37BE7C153131.exe, win10v2004-20231222-en
behavioral7: 1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D.exe, win7-20231215-en
behavioral8: 1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D.exe, win10v2004-20231215-en
behavioral9: 2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C.dll, win7-20231129-en
behavioral10: 2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C.dll, win10v2004-20231222-en
behavioral11: 22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe, win7-20231215-en
behavioral12: 22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe, win10v2004-20231215-en
behavioral13: 33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E.exe, win7-20231215-en
behavioral14: 33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E.exe, win10v2004-20231222-en
behavioral15: 61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1.exe, win7-20231215-en
behavioral16: 61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1.exe, win10v2004-20231215-en
behavioral17: 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe, win7-20231215-en
behavioral18: 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB.exe, win10v2004-20231215-en
behavioral19: 73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09.exe, win7-20231215-en
behavioral20: 73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09.exe, win10v2004-20231222-en
behavioral21: 81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329.exe, win7-20231129-en
behavioral22: 81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329.exe, win10v2004-20231215-en
behavioral23: 8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307.exe, win7-20231215-en
behavioral24: 8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307.exe, win10v2004-20231222-en
behavioral25: 99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe, win7-20231215-en
behavioral26: 99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe, win10v2004-20231215-en
behavioral27: B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06.exe, win7-20231215-en
behavioral28: B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06.exe, win10v2004-20231215-en
behavioral29: C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8.exe, win7-20231215-en
behavioral30: C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8.exe, win10v2004-20231215-en
behavioral31: CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E.exe, win7-20231215-en
Malware Config
Extracted: phorphiex
C2 URLs:
http://185.215.113.66/twizt/
http://185.215.113.66/
Wallet addresses (Phorpiex's clipboard hijacker swaps these in for wallet addresses the victim copies, choosing the replacement by address format):
12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc
1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD
3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg
3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz
qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k
XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8
DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG
0xb899fC445a1b61Cdd62266795193203aa72351fE
LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7
r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1
TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5
t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy
AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX
bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k
4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK
GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY
bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky
bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v
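A clipper config like the one above is most useful once you know which coin formats it covers and which entries are even well-formed. The script below is an added example (not code from the report or from the sandbox): it classifies each address by format with anchored regexes and runs a base58check verification on the base58 ones. The coin labels are a format heuristic, an assumption of this example rather than proof of which chain an entry belongs to; the 48-character entry that matches none of the rules is reported as unknown rather than guessed.

```python
"""Classify clipper wallet addresses by format and verify base58check.
Added example, not code from the report or the sandbox.  Coin labels are
format heuristics (assumption), not proof of the target chain."""
import hashlib
import re

B58 = r"[1-9A-HJ-NP-Za-km-z]"   # base58 alphabet (no 0, O, I, l)

# Ordered (label, anchored pattern); the first match wins.
RULES = [
    ("bitcoin-cash-cashaddr", re.compile(r"^(bitcoincash:)?q[a-z0-9]{41}$")),
    ("bitcoin-bech32",        re.compile(r"^bc1[a-z0-9]{25,87}$")),
    ("binance-chain-bech32",  re.compile(r"^bnb1[a-z0-9]{38}$")),
    ("ethereum-hex",          re.compile(r"^0x[0-9a-fA-F]{40}$")),
    ("monero",                re.compile(r"^4" + B58 + r"{94,105}$")),
    ("stellar",               re.compile(r"^G[A-Z2-7]{55}$")),
    ("zcash-transparent",     re.compile(r"^t1" + B58 + r"{33}$")),
    ("bitcoin-legacy",        re.compile(r"^[13]" + B58 + r"{25,34}$")),
    ("litecoin-legacy",       re.compile(r"^L" + B58 + r"{26,33}$")),
    ("dash",                  re.compile(r"^X" + B58 + r"{33}$")),
    ("dogecoin",              re.compile(r"^D" + B58 + r"{33}$")),
    ("tron",                  re.compile(r"^T" + B58 + r"{33}$")),
    ("ripple",                re.compile(r"^r" + B58 + r"{24,34}$")),
    ("neo",                   re.compile(r"^A" + B58 + r"{33}$")),
]
# Formats whose payload is base58check-encoded (payload || SHA256d[:4]).
BASE58CHECK_FORMATS = {"bitcoin-legacy", "litecoin-legacy", "dash", "dogecoin",
                       "tron", "zcash-transparent", "neo"}

# Copied from the phorphiex config above.
REPORT_ADDRESSES = [
    "12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc",
    "1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD",
    "3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg",
    "3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz",
    "qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k",
    "XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8",
    "DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG",
    "0xb899fC445a1b61Cdd62266795193203aa72351fE",
    "LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7",
    "r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1",
    "TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5",
    "t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy",
    "AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX",
    "bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k",
    "4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK",
    "GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY",
    "bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky",
    "bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v",
]

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def classify(addr: str) -> str:
    """First matching format label, or 'unknown'."""
    for label, pat in RULES:
        if pat.match(addr):
            return label
    return "unknown"


def b58decode(s: str) -> bytes:
    """Base58 decode; each leading '1' is a leading zero byte."""
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)      # ValueError on a non-base58 char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading + body


def base58check_ok(addr: str) -> bool:
    """True when the trailing 4 bytes equal SHA256(SHA256(payload))[:4]."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def triage(addresses):
    """Map address -> (format label, base58check result or None if not applicable)."""
    out = {}
    for a in addresses:
        fmt = classify(a)
        out[a] = (fmt, base58check_ok(a) if fmt in BASE58CHECK_FORMATS else None)
    return out


def formats_targeted(addresses):
    """Sorted set of format labels present, i.e. what the clipper can swap."""
    return sorted({classify(a) for a in addresses})


if __name__ == "__main__":
    for addr, (fmt, ok) in triage(REPORT_ADDRESSES).items():
        print(f"{fmt:22s} {'' if ok is None else ('valid' if ok else 'BAD CHECKSUM'):13s} {addr}")
    print("formats:", formats_targeted(REPORT_ADDRESSES))
```

An entry that fails base58check is worth a second look: it is either a transcription error in the config, a coin that uses the same prefix with a different scheme, or an address the clipper can never successfully substitute.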
Extracted: blackcat
enable_network_discovery: true
enable_self_propagation: true
enable_set_wallpaper: true
extension: kh1ftzx
note_file_name: RECOVER-${EXTENSION}-FILES.txt
note_full_text:
>> What happened?
Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below.
>> Sensitive Data
Sensitive data on your system was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes:
- Employees personal data, CVs, DL, SSN.
- Complete network map including credentials for local and remote services.
- Private financial information including: clients data, bills, budgets, annual reports, bank statements.
- Manufacturing documents including: datagrams, schemas, drawings in solidworks format
- And more...
>> CAUTION
DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.
>> What should I do next?
Follow these simple steps to get everything back to normal:
1) Download and install Tor Browser from: https://torproject.org/
2) Navigate to: http://rfosusl6qdm4zhoqbqnjxaloprld2qz35u77h4aap46rhwkouejsooqd.onion/?access-key=${ACCESS_KEY}
Extracted: lockbit (ransom note written to C:\Program Files (x86)\!!!-Restore-My-Files-!!!.txt)
URLs from the note:
http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion
http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
http://lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion
http://lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion
http://lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion
http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly
http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
http://lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly
http://lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion.ly
http://lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion.ly
http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
https://twitter.com/hashtag/lockbit?f=live
http://lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion
http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
http://lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion
http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
http://lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion
http://lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion
http://lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion
http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
https://gdpr.eu/what-is-gdpr/
https://gdpr-info.eu/
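The LockBit note lists each onion name twice, once as a plain .onion address and once behind the onion.ly Tor2web gateway, which is the form a victim on a normal corporate network can actually reach. The following added example (not code from the report or the sandbox) runs a proxy log through two checks: an exact watchlist built from a subset of the onion names above, and a generic rule that flags any v2 or v3 onion label reached directly or through a gateway suffix. The log format is a constructed assumption (timestamp, client IP, method, URL or CONNECT target, status).

```python
"""Flag proxy-log requests to .onion hosts, directly or via Tor2web gateways.
Added example, not code from the report or the sandbox.  Log format is an
assumption of this example."""
import re
from urllib.parse import urlsplit

# Exact watchlist: a subset of the lockbit config above (extend with the rest).
LOCKBIT_ONIONS = {
    "lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion",
    "lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion",
    "lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion",
    "lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion",
}

# A v2 (16-char) or v3 (56-char) onion label, optionally preceded by subdomains
# and optionally followed by a Tor2web gateway TLD (.ly, .to, .ws, ...).
ONION_RE = re.compile(
    r"^(?:[a-z0-9-]+\.)*([a-z2-7]{16}|[a-z2-7]{56})\.onion(?:\.[a-z]{2,})?$")

# Assumed format: "<timestamp> <client-ip> <method> <url-or-host:port> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|CONNECT) (\S+) (\d{3})$")

# Constructed sample lines (not taken from the report).
SAMPLE_LOG = """\
2024-01-12T09:14:03Z 10.0.5.23 GET http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly/ 200
2024-01-12T09:14:09Z 10.0.5.23 CONNECT lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion:443 403
2024-01-12T09:15:11Z 10.0.7.8 GET https://gdpr.eu/what-is-gdpr/ 200
2024-01-12T09:16:40Z 10.0.9.1 GET http://abcdefghijklmnop.onion.to/index.html 502
2024-01-12T09:17:00Z 10.0.9.1 GET http://onion.ly/ 200
"""


def host_of(method, target):
    """Host from a URL, or from the host:port form used by CONNECT."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()


def analyse(log_text):
    """Return one record per request whose host resolves to an onion name."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that do not fit the schema
        ts, client, method, target, status = m.groups()
        host = host_of(method, target)
        om = ONION_RE.match(host)
        if not om:
            continue
        onion = om.group(1) + ".onion"
        hits.append({
            "ts": ts, "client": client, "host": host, "onion": onion,
            "status": int(status),
            "known_lockbit": onion in LOCKBIT_ONIONS,
            "gateway": not host.endswith(".onion"),   # reached via Tor2web, not Tor
        })
    return hits


if __name__ == "__main__":
    for h in analyse(SAMPLE_LOG):
        print(h)
```

A blocked CONNECT (status 403 in the sample) still counts: the request itself is the indicator that a host is trying to reach the leak site, and on a network that blocks Tor the gateway form is the one to expect.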
Targets

Target: 075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5
Size: 190KB
MD5: a3a2816c2a4e8c7374c0d973a0fc4c8e
SHA1: ead016fe4e5d9bc24cc186e8fec28c9b07606966
SHA256: 075f9a8b9a5a3f3c221cfa69ba8b3590cfb873946970b7f3dbd333a580d24ac5
SHA512: b9eb4bfbf8dd4320fffd98e92d46e55882544f4fda5cfd5586e48b4da4fd919bf575afa0443732c88be5aaed2fff756342d4c33b0bcceb4474bee69af0d9d3ab
SSDEEP: 3072:aVOMzfEpDHKNBW6Q/THGVp3DqGxgkjCXLCz0fugKkqEjBD:a4M4FMgXCTTdL0fuLfe
Score: 1/10

Target: 145F7ABE9ABFFD0422F1C1F4CF429E89FD9D3BE93E6C3A0DD852DB708992C4EA
Size: 5.8MB
MD5: f6cf3e7a47b6210ef89855787c9625c6
SHA1: f5f4b1e38bad2f9aca8617c04cf04c62330b401b
SHA256: 145f7abe9abffd0422f1c1f4cf429e89fd9d3be93e6c3a0dd852db708992c4ea
SHA512: 1f60a2ffc01141a0937065eaa34c6fb87cab93b53689d6911cc2e3e98e5eb7d602ddf6460ed3f8a119feec1e73fe6ea0922c724849a192a48f2d6efbd8e8a443
SSDEEP: 98304:XbQoWTf1qlsg6Ni7suYi8i+9GWYjE0t5mKBw64zqaasQQBUrlS0TGxQ33z44i4qQ:r071g57mpi+9kIk5mK74zBIQSrE0rz4a
Score: 10/10
Signatures:
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops file in System32 directory

Target: 1A99AC759FCD881729B76C2904476B4201E794DF2D0547C954EA37BE7C153131
Size: 3.0MB
MD5: f1c9c05e648e58b6bef8dada7654a88e
SHA1: 51e14be2940ae38c6428bf33bb8a9a08ae36ec69
SHA256: 1a99ac759fcd881729b76c2904476b4201e794df2d0547c954ea37be7c153131
SHA512: fb21745b64fa2168103a26e1c36f64147d4a7c0a0a9480cdda3d0a01406f2032e928451157f77f46840071fb30de51e0119dc434a2ac6ff39f99ed3a5af976ce
SSDEEP: 49152:JVHFXSFEmqiDqCbS1gickV9/Txt17kLz5P3mucJZCliSAbFXHrZy0HCxgdjmyZ3H:JVHFXSCmqsSgfkV99jkLlP2bClDC9Fjd
Score: 3/10

Target: 1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D
Size: 1.8MB
MD5: 7b7f4f390ecafc124ac298f5f58f46ae
SHA1: ed19d12269c86117897865ebc3e6e79d11d485a6
SHA256: 1be33e42910515d58685e4cee83c4c9b7de4e6a155a6fd936922682a9922d42d
SHA512: fc37474112152bc9ea1d3671b445fc59995e868bac2203147854824ea94e5d171a5b1e29474403377b504ac778f04b3290628383758ec428f6838e0271eb7545
SSDEEP: 49152:VEVUcg1LD3L+nIrBQfLdKiDRB1X8wcWynn:VE3g1RkAiDrmwchnn
Score: 10/10
Signatures:
- XMRig Miner payload
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext

Target: 2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C
Size: 1.2MB
MD5: d7d48b65d6607c280abdd9813cdda41c
SHA1: 54093d0e9bfcb71c6f9121edba127605ea0a9134
SHA256: 2188bae387fd2665d807d0b67b916973478cbe417d2042a146c8eadf77af600c
SHA512: 6bfc0fd05825144847b4f039ef2d1bf21aa61b2b68c96f772dc094d47d7091635ebc2f83c7648955aef954f160a8ce8fb743eddad521943b8dce6039df973945
SSDEEP: 24576:EtrcFS3D0x4f8FJbA8dE/D3A6y2smW8ZWTgHSbK6SjcpEtWL+ol9FS+EIZmNQZ:q4S3q08FlA8cD3ZFsR8UTgHThjULT7ma
Score: 3/10

Target: 22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092
Size: 75KB
MD5: ed2d7b25bb360cccb4f0f6a4f8732d7a
SHA1: 6ffcc083956c5ac19826bdd87e12f87817ee837c
SHA256: 22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092
SHA512: 6592ec1a12f9575176474c6192d49f4f4a87998da6692e07e8ba6a93789d6a92e41dbabd3488a27a49ec8c8c414e02751867feb2a0038e4091630ca3e4fb235f
SSDEEP: 1536:K3Mz8enofIxQrFP+ZrFugrZpVnWw7V15Frrmi:xweZQhGZ5ugDVnj7V15Fr
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application

Target: 33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E
Size: 34.3MB
MD5: 6d173d9c4fc114e68d7a51752e856e32
SHA1: 92ffb844a740b5c5162172a13b60616a165ef9b9
SHA256: 33381793bd156716647f2c2e14047aa5559e940ff584d3ff6110b96eb701115e
SHA512: 595f7b9dcfd2e9be53297fc10779983596f775cd8d7b1e2b19187b1f1b7597a3499ef1b44e764b9443b595f260944df4daaba8765823aa26b9d915f1ca9d7506
SSDEEP: 786432:MiKg5zkgag4FAKYtNHIW3DTp6LFAcik5g:7KAag4FAVp3gisg
Score: 1/10

Target: 61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1
Size: 1.3MB
MD5: 29efd64dd3c7fe1e2b022b7ad73a1ba5
SHA1: e3b6ea8c46fa831cec6f235a5cf48b38a4ae8d69
SHA256: 61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1
SHA512: f00b1ab035aa574c70f6b95b63f676fa75ff8f379f92e85ad5872c358a6bb1ed5417fdd226d421307a48653577ca42aba28103b3b2d7a5c572192d6e5f07e8b3
SSDEEP: 24576:0CgjBAeu8iuUHGzkuBhzy2F+yVICFPC27rIlve3NuacODvsG:0CI7XBE2IuF64rIlmdii
Score: 1/10

Target: 676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB
Size: 1.7MB
MD5: 7687cbe6769001af75b61c8e053221f2
SHA1: 5723b7d6c6dbd2a3d1a7671ab95a28921525f5fd
SHA256: 676a2a0d88a79012300a63092da090f5b0d0bdfc105541732254e0ae1feb2fcb
SHA512: d52da2ef2a8d4f671b2b69aeb90d85a1627252c6090cc77569bf5a38407f1adb8158c5caf9572c13fecd57bef5bfe50558eca62b744cae699ea8778c251903dc
SSDEEP: 24576:eNcBtkdOdTNpGu522pL8cX2QrOtUUqi8BQLvYOHgDD/bcNuh+S1hKlMLkhWgvoNT:51bGCfL8cX2N2UhLAX/+uh+S14sBZ
Score: 7/10
Signatures:
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL

Target: 73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09
Size: 991KB
MD5: 83367170e99b11d213568416aafa64fd
SHA1: bfdcc7c922913592c6210f996f7c4bda2a3bc04d
SHA256: 73d29deac41e022ce77730f74d5efb0828f56d1f2beb91fd24abc867f851fe09
SHA512: 03c04bf58e8624673b77dc3530186a09cd2f522ee0ffac1b236f8d67145401a7efb8373c55786f546fb1e8b134ba94c68c5fd4c757185712c1ad3cbebbd788fd
SSDEEP: 24576:ZY2PtNcL4S9thpA+7zuc/tP5ANmU8P5Y+cMw5nse5CHe:ZYCNclVTzucVZyMw5nsk0e
Score: 1/10

Target: 81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329
Size: 1.6MB
MD5: 27f7cc0f212d12a99ebd814e96022066
SHA1: 61ae24f0521bbc077d08c135a853fae3c1725fcf
SHA256: 81efd50eb374ad2176e2655af10276079f733c0592e83e3a044253dcbe06f329
SHA512: 06eb43a37672f7619d2b8f49e96d6b117e537b72839fe12a5b671bba1094e88e047c0f8c46587519fce2d35fdfaedbb664e4549aa88fca789fc6a099b7ec7903
SSDEEP: 49152:CyvgQPDvX0nYFZIzgofMkF8UTG+wAeeBuGAt21ghQ:CyvZ7PmYUgojF9wAhBuGAc1ghQ
Score: 7/10

Target: 8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307
Size: 6.2MB
MD5: 35b12aa59cb3816e264afda86eeb9c6e
SHA1: 5b7099d771a8bc73d6ba04539f8c4914ebddc553
SHA256: 8e83c0f6566169af1cf6c28670dcee6edeb15d0913aa24ad3831c9f97eb42307
SHA512: b72b500ba7f600615b5877ef0318605177b49e6a9a0cbc84321e9fa5ebfbd3e57061ca131b40dbde2736df10350b6f1f19491171ae0d55c0281960f8573f58ad
SSDEEP: 98304:LNDHuQj/uHg7lHz19DIbDzvDPsKjptRf7PGX58U+3x8dXQKlsT1KO:L0Qj/d11903ptZqtsOA2sTkO
Score: 10/10
Signatures:
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops file in System32 directory

Target: 99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2
Size: 9.1MB
MD5: e3e42b4482a18666a45e39bef73fcb8f
SHA1: 05014d6b033ad098e164a8f3ae9f18568db92135
SHA256: 99ca9f3245265c2f9d395b4b3a8554056e481c6fee98b839c9c5adb5b79e0de2
SHA512: f391bc5fe9e7b549796d1ed6c080ea8558e55d04d78073e7a18c74a91dbd990cd11af3f0fb3d5e2db0b8dff49f0d7e5666c347c4df49ca7d0e6161e82122537c
SSDEEP: 196608:/wldEYTmZUQz5qfy1OKCCRmLojXFcvvukPRPdRJ/6bt2jPlt:/whmia5qASumkhcv2qXv7
Score: 5/10
Signatures:
- Suspicious use of SetThreadContext

Target: B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06
Size: 231KB
MD5: 5e3ec333a0b2ccf85fcc8ef31c1c8caa
SHA1: e6d9b00dd20426fb3d3a2c9a77b86553c144986a
SHA256: b1e12d0216a946329fe549e09bf481d7df9e8e3bc3f99bc24d9940cbb8f76f06
SHA512: 116737b153810a7b2f91e52a03e97fa0601735919ec219aebff5e74321c730d14bbb46f5bcff457587daafd5c8c9341964d1ac91bc171b96f8289e02b0f370f7
SSDEEP: 3072:ge9f4GwJqzPG927z6r7JGSxS0S4/J2cux2Ut8q7frsFmm0xUMZByH:z9fkgzP4HQSxSuJ2c/AnUmxxUGByH
Score: 10/10
Signatures:
- Renames multiple (7894) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
- Drops desktop.ini file(s)

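The "renames multiple files with added filename extension" signature above is the behavioural core of ransomware detection: one process appending the same extension to many files across many folders, usually while dropping a note. The script below is an added example (not the sandbox's own signature logic or code from the report) that applies that heuristic to constructed file-system events, using the extension kh1ftzx and the RECOVER-${EXTENSION}-FILES.txt note name from the blackcat config on this page. The event schema and the thresholds are assumptions of the example; the sandbox fired on 7894 renames, the sample data here has 24.

```python
"""Mass-rename heuristic over constructed file-system events.
Added example, not the sandbox's signature code or code from the report.
Event schema (assumption): (pid, image, op, src_path, dst_path),
op in {"rename", "create"}, dst_path is None for "create"."""
import ntpath
import re
from collections import defaultdict

RANSOM_EXT = "kh1ftzx"   # 'extension' value from the blackcat config on this page
# note_file_name RECOVER-${EXTENSION}-FILES.txt with the placeholder generalised
NOTE_RE = re.compile(r"^RECOVER-[A-Za-z0-9]+-FILES\.txt$", re.IGNORECASE)


def build_events():
    """Constructed telemetry: one encryptor, one benign editor, one backup tool."""
    enc = r"C:\Users\alice\Downloads\x.exe"          # hypothetical encryptor path
    ev = []
    victims = [rf"C:\Users\alice\Documents\report{i}.docx" for i in range(12)]
    victims += [rf"C:\Users\alice\Pictures\img{i}.jpg" for i in range(12)]
    for path in victims:
        ev.append((4242, enc, "rename", path, path + "." + RANSOM_EXT))
    for folder in (r"C:\Users\alice\Documents", r"C:\Users\alice\Pictures"):
        ev.append((4242, enc, "create", folder + r"\RECOVER-kh1ftzx-FILES.txt", None))
    # benign: an editor replacing a file through a temporary name
    ev.append((1001, r"C:\Program Files\Editor\editor.exe", "rename",
               r"C:\Users\alice\Documents\notes.txt.tmp",
               r"C:\Users\alice\Documents\notes.txt"))
    # benign: a backup tool appending .bak to a few files in one folder
    for i in range(4):
        path = rf"C:\Backups\db{i}.sql"
        ev.append((2002, r"C:\Tools\backup.exe", "rename", path, path + ".bak"))
    return ev


def added_extension(src, dst):
    """Extension appended by a rename (dst == src + '.' + ext), else None."""
    if not dst or not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    return ext.lower() if ext and "\\" not in ext and "." not in ext else None


def profile(events):
    """Per process: rename count and touched folders per appended extension, note drops."""
    per = defaultdict(lambda: {
        "image": None, "notes": 0,
        "exts": defaultdict(lambda: {"files": 0, "dirs": set()}),
    })
    for pid, image, op, src, dst in events:
        rec = per[pid]
        rec["image"] = image
        if op == "rename":
            ext = added_extension(src, dst)
            if ext:
                rec["exts"][ext]["files"] += 1
                rec["exts"][ext]["dirs"].add(ntpath.dirname(src).lower())
        elif op == "create" and NOTE_RE.match(ntpath.basename(src)):
            rec["notes"] += 1
    return per


def detect(events, min_files=10, min_dirs=2):
    """Flag processes appending one extension to >= min_files files in >= min_dirs folders."""
    hits = []
    for pid, rec in profile(events).items():
        for ext, stats in rec["exts"].items():
            if stats["files"] >= min_files and len(stats["dirs"]) >= min_dirs:
                hits.append({"pid": pid, "image": rec["image"], "ext": ext,
                             "files": stats["files"], "dirs": len(stats["dirs"]),
                             "notes": rec["notes"]})
    return hits


if __name__ == "__main__":
    for h in detect(build_events()):
        print(h)
```

Counting distinct folders as well as files is what keeps the backup tool in the sample below the threshold; a note file created in several of the same folders is corroboration, not a requirement, since not every family drops one per directory.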
Target: C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8
Size: 4.8MB
MD5: d9ce98a0b0029d26876ac86409bac27e
SHA1: 7dc9f3ac41b40b5ed78a42273f3f5f95d2d367c3
SHA256: c6185a23c51b8ac77e6c1bdf2cd4a8d39b02af8b8027d4162cf9766d19cf87c8
SHA512: 29c81caa093ddf7344e3a647bc6fb76e341de923699111e190e94df9ae1660737237f541c7474157ababc5f33aca8eadf00b54180c6820e1173a399b9ed54eb7
SSDEEP: 98304:T/kRk50qK5N7jdM2gOpqufwX9h+3dcWUWZJziS1hZUZyeYOth3fOCQb9GK1/49s:bokO9jdMxOUUwWdiWmS+JuZGKJ49
Score: 10/10
Signatures:
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Target: CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E
Size: 79KB
MD5: c41fe8e266c0ee1ff4d563b158f285d4
SHA1: 627107a8b664043e563c10ee1566a49ad3823483
SHA256: cdcfeddb0aca42e65e6a4822c1f23df7c4ae92775ebcc0b45d4160b732b0983e
SHA512: ed11b61188ebc99655d5c0cbdc84a58ea3ea1f6f6c2f440de245e8a453ccf45b07d1ffc3d4e2f55eb0f2bc0657069019d93beca86b31debaf8dabfcd15946448
SSDEEP: 1536:H3Mz8Egxge1V1ljohznpCzSzGcmRfFFAEfeeeeeeeeWeeeee:8wE/ebzjoppjzGcmRfFiE
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)