General

  • Target

    01bf78841b63bcdd8280157c486b45ad74811c0251140a054de81a925ce7f716

  • Size

    145KB

  • Sample

    240314-endxvacc67

  • MD5

    7966a61801e560b0031ba0e7d5864456

  • SHA1

    bb737041b092879f10e400a599e5301d186bb6d9

  • SHA256

    01bf78841b63bcdd8280157c486b45ad74811c0251140a054de81a925ce7f716

  • SHA512

    475f41efdafcb2a19e3d0c47b824f13f7ad609412d5d99bd08346795e3f98a14c96ab62f1ff0305a9fffc8d6c025f7c4c2e8a1502bfdb17484add606539f94d6

  • SSDEEP

    3072:pqJogYkcSNm9V7DF78cwcmphqvbAw/rKfGT:pq2kc4m9tDp7wxhqnm

Targets

    • Target

      01bf78841b63bcdd8280157c486b45ad74811c0251140a054de81a925ce7f716

    • Renames multiple (328) files with added filename extension

      Appending a new extension to 328 files during the run is consistent with ransomware encrypting the files on the system; the count is the number of renames observed in the sandbox.

    • Checks computer location settings

      Reads the country code configured in the registry. Malware commonly does this to geofence, i.e. to refuse to run on machines in particular countries.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class, an anti-debugging technique that stops debug events for the thread from reaching an attached debugger.
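
The "renames multiple files with added filename extension" signature above is a behavioural detection rather than a hash match, so it is worth seeing the logic behind it. The following is an added example written for this page, not code from the sandbox or from the sample: it runs a mass-rename check over constructed file-rename events. The event fields (pid, image, src, dst), the process names, the `.locked` extension and the threshold of 20 are assumptions chosen for illustration; the report only tells us that 328 files were renamed.

```python
"""Mass-rename detector for the 'added filename extension' behaviour.

Added example (not part of the sandbox report). The event format, image
paths, extensions and threshold below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple
import ntpath  # handles Windows paths regardless of the host OS


@dataclass(frozen=True)
class RenameEvent:
    pid: int     # process that issued the rename
    image: str   # full path of the process image
    src: str     # original file path
    dst: str     # new file path


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to src to produce dst (e.g. '.locked').

    Only a pure append counts: same directory, original name kept intact,
    exactly one new extension component. A stem change (report.docx ->
    report_final.docx) or an extension swap (a.tmp -> a.txt) returns None.
    """
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None
    ext = dst_name[len(src_name):]
    if ext.count(".") != 1 or len(ext) < 2:
        return None
    return ext


def detect_mass_rename(events: Iterable[RenameEvent],
                       threshold: int = 20) -> Dict[Tuple[int, str, str], int]:
    """Group appended-extension renames by (pid, image, extension) and return
    the groups that reach the threshold, mapped to their rename counts."""
    counts: Dict[Tuple[int, str, str], int] = defaultdict(int)
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is not None:
            counts[(ev.pid, ev.image, ext.lower())] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample events (assumed names; nothing here comes from the report).
RANSOM_IMAGE = r"C:\Users\u\AppData\Local\Temp\payload.exe"
WORD_IMAGE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
BACKUP_IMAGE = r"C:\Program Files\BackupTool\backup.exe"

SAMPLE_EVENTS = [
    RenameEvent(4711, RANSOM_IMAGE,
                rf"C:\Users\u\Documents\file{i}.docx",
                rf"C:\Users\u\Documents\file{i}.docx.locked")
    for i in range(25)
] + [
    # Benign: stem change and temp-file swap by Word are ignored.
    RenameEvent(1200, WORD_IMAGE, r"C:\Users\u\Documents\report.docx",
                r"C:\Users\u\Documents\report_final.docx"),
    RenameEvent(1200, WORD_IMAGE, r"C:\Users\u\Documents\~WRD0001.tmp",
                r"C:\Users\u\Documents\report.docx"),
] + [
    # Benign: a backup tool appending .bak to three files stays under threshold.
    RenameEvent(2300, BACKUP_IMAGE,
                rf"C:\Users\u\Pictures\img{i}.jpg",
                rf"C:\Users\u\Pictures\img{i}.jpg.bak")
    for i in range(3)
]

if __name__ == "__main__":
    for (pid, image, ext), n in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}) appended {ext} to {n} files")
```

Keying on the appended extension, rather than on rename volume alone, is what separates the ransomware pattern from an editor saving through a temp file or a backup tool touching a handful of files; in a real deployment the threshold would be tuned per environment and the events would come from the endpoint's file-system telemetry.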
