General
-
Target
8fb1d6d67c08112cd830c02b8844f8d4
-
Size
448KB
-
Sample
240204-vl7p5sgghj
-
MD5
8fb1d6d67c08112cd830c02b8844f8d4
-
SHA1
429261537576934f4c656736ac43a52bda810592
-
SHA256
39de9f5b5bca5251c83e3c8a8f45c14ccc4ba05a7b3dbec93a2e3314039f5fae
-
SHA512
8f2864b2f1a75914db7bca2bc1e634a5f13d34fed3de6489d2e9253cac663c2bf2de134c7bc754d7881642f6ae6d15e18bfa455a8199d99bb176f877b555dc01
-
SSDEEP
12288:LB+zZ7qbzi0lh9eJ7tr00csu/WkZzh/azrNPfYKQ3vVOZDN:Vo7qvi0lh9GtA0cF3hXk
Malware Config
Targets
-
-
Target
8fb1d6d67c08112cd830c02b8844f8d4
-
Size
448KB
-
MD5
8fb1d6d67c08112cd830c02b8844f8d4
-
SHA1
429261537576934f4c656736ac43a52bda810592
-
SHA256
39de9f5b5bca5251c83e3c8a8f45c14ccc4ba05a7b3dbec93a2e3314039f5fae
-
SHA512
8f2864b2f1a75914db7bca2bc1e634a5f13d34fed3de6489d2e9253cac663c2bf2de134c7bc754d7881642f6ae6d15e18bfa455a8199d99bb176f877b555dc01
-
SSDEEP
12288:LB+zZ7qbzi0lh9eJ7tr00csu/WkZzh/azrNPfYKQ3vVOZDN:Vo7qvi0lh9GtA0cF3hXk
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (52) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1