General
-
Target
d7fa3c682a2088f4877c2eac6e122b81.bin
-
Size
566KB
-
Sample
240312-esdgwaaa85
-
MD5
d7fa3c682a2088f4877c2eac6e122b81
-
SHA1
ae78f080a641c457db0feb752614518b5f59b40d
-
SHA256
9ed566de07b7748c763b41957fa357ac1cc294e6c394878ee4d879b0d580157f
-
SHA512
944e74ea57d7b339089d462f32be46d92c3dcb2505e10bfcc579bab241a0afff2f23b0af62a0ebdd7b944ba6a38d38e8b0713b629f837009cb4a958273612846
-
SSDEEP
6144:6jSG/aMruptxCcPbK9vjahGbgzjRtcjMm7T6qWxxRndPWTuqjcdhg8x2QmKZu8:eSG/aM+7KJaFjR/6wNd2cL/2QmKZu
Malware Config
Targets
-
-
Target
d7fa3c682a2088f4877c2eac6e122b81.bin
-
Size
566KB
-
MD5
d7fa3c682a2088f4877c2eac6e122b81
-
SHA1
ae78f080a641c457db0feb752614518b5f59b40d
-
SHA256
9ed566de07b7748c763b41957fa357ac1cc294e6c394878ee4d879b0d580157f
-
SHA512
944e74ea57d7b339089d462f32be46d92c3dcb2505e10bfcc579bab241a0afff2f23b0af62a0ebdd7b944ba6a38d38e8b0713b629f837009cb4a958273612846
-
SSDEEP
6144:6jSG/aMruptxCcPbK9vjahGbgzjRtcjMm7T6qWxxRndPWTuqjcdhg8x2QmKZu8:eSG/aM+7KJaFjR/6wNd2cL/2QmKZu
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (78) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1