235b7765a7f12a1452569ec38b9ba5deb173184ff529b85f3e7faa074fc328d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

striker.exe
Size

7.4MB
Sample

240307-eh157aea97
MD5

e756e027ac555057b349a72d1b3feb54
SHA1

f1f7c4b4113040c957018b2803d6f2600c6656c2
SHA256

235b7765a7f12a1452569ec38b9ba5deb173184ff529b85f3e7faa074fc328d0
SHA512

4f767559d3f80d8ada4029661805f4e64280bd42cfa8c83a3adbf545f1ad530ea8a8ac38eadadcc6f27d627538e08ba3154edb53594c761fd40123d49b2232ea
SSDEEP

98304:ZvUemeK1AoxqzEdi7Dz/mFuw5mTesaeGUPhLWSEtCf:9blK1AoTd+e5Se1sQu

Score

9^/10

ransomware

Malware Config

Targets

- Target
  
  striker.exe
- Size
  
  7.4MB
- MD5
  
  e756e027ac555057b349a72d1b3feb54
- SHA1
  
  f1f7c4b4113040c957018b2803d6f2600c6656c2
- SHA256
  
  235b7765a7f12a1452569ec38b9ba5deb173184ff529b85f3e7faa074fc328d0
- SHA512
  
  4f767559d3f80d8ada4029661805f4e64280bd42cfa8c83a3adbf545f1ad530ea8a8ac38eadadcc6f27d627538e08ba3154edb53594c761fd40123d49b2232ea
- SSDEEP
  
  98304:ZvUemeK1AoxqzEdi7Dz/mFuw5mTesaeGUPhLWSEtCf:9blK1AoTd+e5Se1sQu
Score

9^/10

ransomware
- Renames multiple (95) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1