General
-
Target
5bbc3f77756c58a5177974925590093c
-
Size
484KB
-
Sample
240115-bg8xvsfdd3
-
MD5
5bbc3f77756c58a5177974925590093c
-
SHA1
98f7c09fa3b755eb4ce59ab597a9767947bf441f
-
SHA256
6dd2ab5c71e0a1e1835641918f0d941da56a8b8febb9741703daa6f5f3699242
-
SHA512
dd90d481750984b2e54cd4e523e967e2590bbaec16742ac3fd1d9df1d07e02ec40a63ae6ecabf6a3b9c31f1bdff0cf3be6c2bed979ed944bdf3dd662ee968d02
-
SSDEEP
12288:fKidGfiFkdcgzh695iRXVu/7l3Zo0mwfPMvHp:vd2w95eVuTlu7J
Malware Config
Targets
-
-
Target
5bbc3f77756c58a5177974925590093c
-
Size
484KB
-
MD5
5bbc3f77756c58a5177974925590093c
-
SHA1
98f7c09fa3b755eb4ce59ab597a9767947bf441f
-
SHA256
6dd2ab5c71e0a1e1835641918f0d941da56a8b8febb9741703daa6f5f3699242
-
SHA512
dd90d481750984b2e54cd4e523e967e2590bbaec16742ac3fd1d9df1d07e02ec40a63ae6ecabf6a3b9c31f1bdff0cf3be6c2bed979ed944bdf3dd662ee968d02
-
SSDEEP
12288:fKidGfiFkdcgzh695iRXVu/7l3Zo0mwfPMvHp:vd2w95eVuTlu7J
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (51) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1