General

  • Target

    acbf4096bfa21862f00e9a20ab855596

  • Size

    291KB

  • Sample

    240228-yyweescf7z

  • MD5

    acbf4096bfa21862f00e9a20ab855596

  • SHA1

    37c046a1f3741096c61a9932b80a11f32cd44378

  • SHA256

    2aca8228ee3f8641d4d2dadd4c1ec2fbf139d828bfbf6f0a2f6ef0bd5e2915a8

  • SHA512

    639af5bf615812ff28478a480637e2a39cbe5733078b5926ceb4886d866af6d2e2908f1ddecedf2afd670cdbf852319942ae42ada534fe1bb8ed3b0ea48e76ac

  • SSDEEP

    6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvR:5MMpXKb0hNGh1kG0HWnALb

Malware Config

Targets

    • Target

      acbf4096bfa21862f00e9a20ab855596

    • Size

      291KB

    • MD5

      acbf4096bfa21862f00e9a20ab855596

    • SHA1

      37c046a1f3741096c61a9932b80a11f32cd44378

    • SHA256

      2aca8228ee3f8641d4d2dadd4c1ec2fbf139d828bfbf6f0a2f6ef0bd5e2915a8

    • SHA512

      639af5bf615812ff28478a480637e2a39cbe5733078b5926ceb4886d866af6d2e2908f1ddecedf2afd670cdbf852319942ae42ada534fe1bb8ed3b0ea48e76ac

    • SSDEEP

      6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvR:5MMpXKb0hNGh1kG0HWnALb

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks