General
-
Target
76e64e4a178b337a100b97a277ccb02e
-
Size
480KB
-
Sample
240126-kmbc8aaac4
-
MD5
76e64e4a178b337a100b97a277ccb02e
-
SHA1
10bb247e79a628ca30c15e0948b5135cb705f6c0
-
SHA256
9402dd1d5a53fc223acb4e4cf08dc64caffe30f1307aab670e4b45140ab5553d
-
SHA512
43b073a63769f9e14037111a1cab1d4a9ffb821aed9c36968e82c0c3c7b208013f9299ba312a66d237c4c424970c24552490d56d84c64e9265c1a0298f427f68
-
SSDEEP
12288:hBMl99AgYRwRFLXBgKGi6Ggr0VSLKL+GMukhCo1R:bQ9cA/Gi6GgjfGa0or
Malware Config
Targets
-
-
Target
76e64e4a178b337a100b97a277ccb02e
-
Size
480KB
-
MD5
76e64e4a178b337a100b97a277ccb02e
-
SHA1
10bb247e79a628ca30c15e0948b5135cb705f6c0
-
SHA256
9402dd1d5a53fc223acb4e4cf08dc64caffe30f1307aab670e4b45140ab5553d
-
SHA512
43b073a63769f9e14037111a1cab1d4a9ffb821aed9c36968e82c0c3c7b208013f9299ba312a66d237c4c424970c24552490d56d84c64e9265c1a0298f427f68
-
SSDEEP
12288:hBMl99AgYRwRFLXBgKGi6Ggr0VSLKL+GMukhCo1R:bQ9cA/Gi6GgjfGa0or
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (51) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1