Analysis
-
max time kernel
51s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
14-03-2024 03:32
General
-
Target
2024-03-14_c20200ae3c8acb3aa23a9097b6099739_qnapcrypt
-
Size
4.7MB
-
MD5
c20200ae3c8acb3aa23a9097b6099739
-
SHA1
df920c349a310f6a1532ed05f524f400e85603b3
-
SHA256
55845e687ddcd2c133d6e30802be2dcc54f27fb8abb894229f76b0767ce56567
-
SHA512
340e157afe4f7b0800009bb220be56dcaffb0b41409935a4730fcfe6f4775960b1aaa0d804d0a0fbcfb47d451cf8c1b2c17cc2211c88046bc38295721c0c5b16
-
SSDEEP
49152:MRos/AVhzmQymwq+6r0BCU0hVba2j2O7LIyaXn6k6VjfbtvDGG0U:LIuGq+6r0BL0TM37
Malware Config
Signatures
-
Renames multiple (27194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes log files 1 TTPs 6 IoCs
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 20 IoCs
-
Reads hardware information 1 TTPs 1 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Reads network interface configuration 2 TTPs 12 IoCs
Fetches information about one or more active network interfaces.
-
Write file to user bin folder 1 TTPs 3 IoCs
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2024-03-14_c20200ae3c8acb3aa23a9097b6099739_qnapcrypt/tmp/2024-03-14_c20200ae3c8acb3aa23a9097b6099739_qnapcrypt1⤵
- Writes file to tmp directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
/README_FOR_DECRYPT.txttFilesize
312B
MD5bb882c233cad77744f80cbba3409b867
SHA148ff2e05620fb0170342a8fe9f1a2dbab6e96aad
SHA256d52aad657450026fd6f87a92f3e5b12d3c197e3eb4acec58661213af34671297
SHA5123572944f4342a617c7ce9f260602e8c25b85c7bc87f832598f581ee14f2984fa20ede073941ac700eaab9e39bbb175097f1d68e8ff36d5a6842bdf5c1ae07aa4