General

  • Target

    d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2

  • Size

    585KB

  • Sample

    240304-x69rcabh83

  • MD5

    e2825e7c7cec068e2a14dff6087d956b

  • SHA1

    426c473ce7b87c9d8c4d4d07b9646f86d0fd5892

  • SHA256

    d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2

  • SHA512

    86800d7bee17fe34ad155b7990b9946869f81dd7bc091d461e0c81017451de39af894b94118894e0b2315dae76285afc0cf72c499873f0e261c9a7dc778c6c86

  • SSDEEP

    12288:fhWnOwCahtHVzvBH3WkicjnIxfYkOiylMQnk53MF7N3N3oSb:fIdCet1bBH3B1nIxfYDNm1pMFhr

Targets

    • Target

      d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2

    • Renames multiple (8492) files with added filename extension

      Appending a new extension to thousands of files in one run is the file-system footprint of ransomware encrypting the files on the system.

    • Possible privilege escalation attempt

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • UPX packed file

      The executable is packed with UPX, or with a modified build of that open-source packer; the unpacked code is only present in memory at run time.

    • Adds Run key to start application

    • Drops file in System32 directory

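The heuristic behind the "Renames multiple (8492) files with added filename extension" signature, written out as an added example rather than the sandbox's own signature code. The event tuples, paths, the ".locked" extension and the thresholds are constructed assumptions; a real implementation would feed it the monitored process's rename/MoveFile events.

```python
"""Mass-rename heuristic for a "renames multiple files with added extension"
sandbox signature. Added illustrative code; event format, sample paths and
thresholds are assumptions, not the sandbox's own logic."""
import ntpath
from collections import Counter

# Constructed sandbox file-operation events as (old_path, new_path).
EVENTS = []
for i in range(120):
    folder = ["Documents", "Pictures", "Desktop", "Music"][i % 4]
    old = "C:\\Users\\Admin\\%s\\file%d.docx" % (folder, i)
    EVENTS.append((old, old + ".locked"))          # ransomware-style: suffix appended
EVENTS += [
    # Benign renames: extension swapped or unrelated, not appended.
    ("C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.tmp",
     "C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.exe"),
    ("C:\\Users\\Admin\\Downloads\\archive.part",
     "C:\\Users\\Admin\\Downloads\\archive.zip"),
    ("C:\\Users\\Admin\\Desktop\\notes.txt", "C:\\Users\\Admin\\Desktop\\notes.txt"),
]


def appended_extension(old, new):
    """Return the suffix if new == old + '.<ext>' (case-insensitive, as on NTFS),
    otherwise None. A swapped extension (a.tmp -> a.exe) does not qualify."""
    o, n = old.lower(), new.lower()
    if n.startswith(o + ".") and len(n) > len(o) + 1:
        return new[len(old):]
    return None


def mass_rename_verdict(events, min_files=50, min_dirs=3):
    """Summarise renames that only append an extension.

    An extension is flagged when at least min_files files in at least min_dirs
    distinct directories received it; a single-directory batch rename is more
    often a legitimate tool. Both thresholds are assumptions for this example."""
    by_ext = Counter()
    dirs_by_ext = {}
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        by_ext[ext] += 1
        dirs_by_ext.setdefault(ext, set()).add(ntpath.dirname(old).lower())
    hits = {ext: {"files": count, "dirs": len(dirs_by_ext[ext])}
            for ext, count in by_ext.items()}
    suspicious = [ext for ext, h in hits.items()
                  if h["files"] >= min_files and h["dirs"] >= min_dirs]
    return {"renamed": sum(by_ext.values()),
            "by_extension": hits,
            "suspicious_extensions": suspicious}


if __name__ == "__main__":
    print(mass_rename_verdict(EVENTS))
```

The directory spread is the part worth keeping when adapting this: the count alone (8492 here) is loud, but the same extension appearing under Documents, Pictures and Desktop is what separates encryption from a bulk-rename utility run in one folder.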
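The structural check behind the "UPX packed file" signature, as an added example that is neither the sandbox's nor UPX's own code. It parses the PE section table of small images constructed in memory (no real sample is embedded) and reports the tells that matter when the packer has been modified: UPXn section names, the "UPX!" pack-header magic, and a first section with SizeOfRawData of zero but a large VirtualSize, which is the region UPX reserves for the unpacked image.

```python
"""UPX indicators from a PE section table. Added illustrative code; the PE
images below are constructed test data, not the report's sample."""
import struct

SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(sections, tail=b""):
    """Construct a minimal PE32 file: DOS stub, PE signature, COFF header, zeroed
    optional header and a (name, VirtualSize, SizeOfRawData) section table.
    Constructed test data only; the result is not a loadable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew: PE header at 0x40
    opt_size = 224                                # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    table = b"".join(
        struct.pack(SECTION_HEADER, name.encode("ascii").ljust(8, b"\0"),
                    vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rawsize in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + tail


def parse_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData), ...] from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]    # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]    # COFF.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_HEADER, data, table + i * 40)
        name = f[0].split(b"\0", 1)[0].decode("ascii", "replace")
        out.append((name, f[1], f[3]))              # name, VirtualSize, SizeOfRawData
    return out


def upx_indicators(data):
    """Evaluate the three UPX tells; 'packed' is true if any one fires."""
    secs = parse_sections(data)
    ind = {
        "upx_section_names": any(n.upper().startswith("UPX") for n, _, _ in secs),
        "upx_magic": b"UPX!" in data,
        # UPX0 holds the unpacked image: present in memory, absent on disk.
        "empty_first_section": bool(secs) and secs[0][2] == 0 and secs[0][1] > 0,
    }
    ind["packed"] = any(ind.values())
    return ind


# Constructed samples: stock UPX layout, a renamed build with the magic stripped,
# and an ordinary compiler layout.
UPX_SAMPLE = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7E00),
                       (".rsrc", 0x1000, 0x600)],
                      tail=b"\0" * 32 + b"UPX!" + b"\0" * 28)
RENAMED_SAMPLE = build_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x7E00)])
PLAIN_SAMPLE = build_pe([(".text", 0x1000, 0x1000), (".rdata", 0x800, 0x800),
                         (".data", 0x400, 0x200)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE),
                       ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(img))
```

The empty-first-section tell is what survives when someone rebuilds UPX with renamed sections and a stripped magic, but it also fires on other packers and the odd unusual build, so it is a lead for unpacking rather than a verdict on its own.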