General

  • Target

    Application65c9095380496.rar

  • Size

    7.9MB

  • Sample

    240211-wl5q8acd24

  • MD5

    1eef11e912ec086f8c9ce16257eb8bcc

  • SHA1

    c2f48718abcfc2d7dc9cf64e669a8a86238d3e67

  • SHA256

    47c93f0a295867a3140de9e1fd3bfeccdd02fb3bbc82b93ee7e3f8a759f585ab

  • SHA512

    11bd1ed1f397448902bc5a58b70cb3beb0b57d5ef6a95f33b5d63e02bd610c8602a34cb7b8104e842c56748817d31f91e838155765b5596e3f94e04f4d827062

  • SSDEEP

    196608:r3VQq12Ro+k2LcM6L7f9+mzWKhKSw901hyNcEIi+je0ydUp7/:rDoy+k2Jcf9+NqHyNcEIi+CSp7/
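The digests above are the only reliable way to confirm that a file seen elsewhere is this sample; the size (7.9MB) and the file name are not. The following script is an added example, not part of the sandbox report, that hashes a file in one pass with all four algorithms the report lists and checks the result against them. SSDEEP is left out because it is a fuzzy hash (no hashlib support, and a fuzzy match is advisory rather than an identity check).

```python
import hashlib
from typing import Dict, Iterable, List

# Digests copied from the report's General section (Application65c9095380496.rar).
REPORT_HASHES: Dict[str, str] = {
    "md5": "1eef11e912ec086f8c9ce16257eb8bcc",
    "sha1": "c2f48718abcfc2d7dc9cf64e669a8a86238d3e67",
    "sha256": "47c93f0a295867a3140de9e1fd3bfeccdd02fb3bbc82b93ee7e3f8a759f585ab",
    "sha512": "11bd1ed1f397448902bc5a58b70cb3beb0b57d5ef6a95f33b5d63e02bd610c86"
              "02a34cb7b8104e842c56748817d31f91e838155765b5596e3f94e04f4d827062",
}


def _digest(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass; return hex digests."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory buffer (handy for tests and small payloads)."""
    return _digest([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so a large archive never sits fully in memory."""
    with open(path, "rb") as f:
        return _digest(iter(lambda: f.read(chunk_size), b""))


def match_report(hashes: Dict[str, str], report: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of the algorithms whose digest equals the report's value, sorted.

    Treat a SHA-256 or SHA-512 match as identity. An MD5- or SHA-1-only match
    with a SHA-256 mismatch should be investigated as a collision or a
    transcription error, not reported as a hit.
    """
    return sorted(name for name, digest in hashes.items()
                  if report.get(name, "").lower() == digest.lower())


def is_known_sample(hashes: Dict[str, str]) -> bool:
    """True only when one of the strong digests matches the report."""
    return any(name in ("sha256", "sha512") for name in match_report(hashes))


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        verdict = "MATCH" if is_known_sample(digests) else "no match"
        print(f"{path}: {verdict} (sha256={digests['sha256']})")
```

Run it as `python check_sample.py <file>...`; the script prints one line per file. The `is_known_sample` check deliberately ignores MD5 and SHA-1 on their own, since both are collision-prone and should only corroborate a SHA-256 or SHA-512 match.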

Malware Config

Targets

    • Target

      Application65c9095380496.rar


    • Locky

      Detected as Locky, a ransomware family first seen in 2016 that includes anti-analysis features.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla, which store saved server credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to list the software installed on the system.

    • Suspicious use of SetThreadContext

      Setting the context of a suspended thread in another process is the usual way to redirect execution into injected code (process hollowing and similar injection techniques).
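The registry and file-access behaviours listed above (geofence lookup, Uninstall-key enumeration, FTP client configs, browser profile data, wallet files) are all observable in endpoint telemetry. The following detection logic is an added example, not code from the sandbox, that runs over a few constructed Sysmon-style registry/file events and groups hits per process. The artefact paths in the rules are the usual locations for each behaviour and are my assumptions for illustration, as is the mapping of each signature to the ATT&CK IDs in the report's matrix (T1012, T1082, T1552.001, T1005).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str                      # signature name as it appears in the report
    techniques: Tuple[str, ...]    # ATT&CK IDs from the report's matrix (my mapping)
    kind: str                      # "registry" or "file"
    pattern: re.Pattern            # matched against the accessed key or path


def _rule(name: str, techniques: Tuple[str, ...], kind: str, regex: str) -> Rule:
    return Rule(name, techniques, kind, re.compile(regex, re.IGNORECASE))


# Assumed artefact locations for each reported behaviour (illustrative, not from the report).
RULES: List[Rule] = [
    _rule("Checks computer location settings", ("T1082", "T1012"), "registry",
          r"\\Control Panel\\International\\Geo\\"),
    _rule("Checks installed software on the system", ("T1012", "T1082"), "registry",
          r"\\CurrentVersion\\Uninstall(\\|$)"),
    _rule("Reads data files stored by FTP clients", ("T1552.001", "T1005"), "file",
          r"\\FileZilla\\(sitemanager|recentservers)\.xml$"),
    _rule("Reads user/profile data of web browsers", ("T1552.001", "T1005"), "file",
          r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"),
    _rule("Accesses cryptocurrency files/wallets", ("T1552.001", "T1005"), "file",
          r"\\(Bitcoin|Electrum|Exodus)\\.*wallet"),
]

# Constructed sample telemetry (Sysmon-style registry/file access events), not from the report.
SUSPECT = r"C:\Users\victim\AppData\Local\Temp\app.exe"
INSTALLER = r"C:\Program Files\Vendor\setup.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"type": "registry", "image": SUSPECT,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "image": SUSPECT,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file", "image": SUSPECT,
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file", "image": SUSPECT,
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "image": SUSPECT,
     "target": r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat"},
    {"type": "file", "image": EXPLORER,
     "target": r"C:\Users\victim\Documents\notes.txt"},
    {"type": "registry", "image": INSTALLER,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor"},
]


def detect(events: List[Dict]) -> List[Dict]:
    """Every (event, rule) pair that matches, with the rule's ATT&CK IDs attached."""
    hits = []
    for event in events:
        for rule in RULES:
            if event["type"] == rule.kind and rule.pattern.search(event["target"]):
                hits.append({"image": event["image"], "signature": rule.name,
                             "techniques": rule.techniques, "target": event["target"]})
    return hits


def summarize(events: List[Dict]) -> Dict[str, List[str]]:
    """Distinct signature names per process image, sorted."""
    per_image: Dict[str, set] = {}
    for hit in detect(events):
        per_image.setdefault(hit["image"], set()).add(hit["signature"])
    return {image: sorted(names) for image, names in per_image.items()}


def flag_suspicious(events: List[Dict], threshold: int = 3) -> List[str]:
    """Images that tripped at least `threshold` distinct signatures.

    A lone Uninstall-key read is normal for installers and updaters; the
    combination of a geofence check with reads of several credential stores
    from one process is what is rare and worth an alert.
    """
    return sorted(image for image, names in summarize(events).items()
                  if len(names) >= threshold)


if __name__ == "__main__":
    for image, names in summarize(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(names))
    print("flagged:", flag_suspicious(SAMPLE_EVENTS))
```

Scoring by distinct signatures per process rather than alerting on each match is the important design choice: each individual registry or file read has benign users, while the combination seen in this report (geofence lookup plus FTP, browser and wallet credential stores from one dropped executable) does not.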

MITRE ATT&CK Matrix (ATT&CK v13)

The number in parentheses is the count the report shows for each technique (matched signatures).

Credential Access

  • T1552 Unsecured Credentials (3)

  • T1552.001 Credentials In Files (3)

Discovery

  • T1012 Query Registry (4)

  • T1082 System Information Discovery (4)

Collection

  • T1005 Data from Local System (3)

Tasks