General

  • Target

    4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e

  • Size

    145KB

  • Sample

    240314-erx5wscd63

  • MD5

    34e55b241ba3693f35112330357a8edf

  • SHA1

    5fb869a2d2f3de24e756c576f022781c4b74598e

  • SHA256

    4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e

  • SHA512

    d3014fb73ad252eb94fd514a3b8e897eb3df93dfc217f8ee21c0e7d038fd98702005ea0edb849987ff271472fa5ea2d655176acb3e059325f268bb8ca76a7053

  • SSDEEP

    3072:u6glyuxE4GsUPnliByocWepfVxexiPIIV:u6gDBGpvEByocWepeYV

Targets

    • Renames multiple (356) files with added filename extension

      356 files were renamed by appending a new extension to the existing name, the pattern left by ransomware that encrypts files in place and then marks each one. At this volume it strongly suggests file-encrypting ransomware activity across the user's data.

    • Reads user/profile data of web browsers

      The sample read files under browser user/profile directories. Infostealers target this data because it can hold saved credentials, cookies, session tokens and autofill entries; it may also simply be the encryption routine walking everything under the user profile, so treat it as a hint rather than proof of credential theft.

    • Drops desktop.ini file(s)

    • Drops a file in the System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample called NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the calling thread from reporting debug events to an attached debugger. This is a common anti-analysis technique; it is also used by some legitimate packers and DRM, so it indicates evasion intent rather than a specific family.
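Of the behaviours listed above, the mass rename with an appended extension is the most reliable one to hunt for on endpoints. The following Python is an added example, not part of the sandbox report or its tooling: it replays a constructed list of file-rename events and flags a process that appends the same extension to many files within a short window. The event fields, process IDs, paths, threshold and the `.enc` extension are all assumptions for illustration; the report does not show which extension this sample actually appends.

```python
from collections import defaultdict
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename event from an endpoint or sandbox trace (assumed shape)."""
    ts: float   # seconds since trace start
    pid: int    # renaming process
    src: str    # original path
    dst: str    # new path


def added_extension(src, dst):
    """Return the extension appended by the rename if dst is exactly
    src + '.<ext>' in the same directory, otherwise None."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower() or not dst_name.startswith(src_name + "."):
        return None
    ext = dst_name[len(src_name) + 1:]
    # Require a single, non-empty extension: "a.txt" -> "a.txt.locked" counts,
    # "a.txt" -> "a.txt." or "a.txt" -> "a.txt.x.y" does not.
    if not ext or "." in ext:
        return None
    return ext


def find_mass_rename(events, min_files=20, window_s=60.0):
    """Group renames by (pid, appended extension) and report every group whose
    densest window_s-second burst covers at least min_files renames of
    at least min_files distinct files."""
    groups = defaultdict(list)
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is not None:
            groups[(ev.pid, ext)].append(ev)

    hits = []
    for (pid, ext), evs in groups.items():
        evs.sort(key=lambda e: e.ts)
        # Sliding window: largest number of renames inside any window_s span.
        start, burst = 0, 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:
                start += 1
            burst = max(burst, end - start + 1)
        files = len({e.src for e in evs})
        if burst >= min_files and files >= min_files:
            hits.append({"pid": pid, "extension": ext, "files": files, "burst": burst})
    return hits


def sample_events():
    """Constructed trace, not real telemetry: pid 4242 appends '.enc' to 25
    documents within about ten seconds; pid 1000 performs ordinary renames
    (a plain rename, a temp-file save, a single .bak copy) that must not fire."""
    evs = []
    for i in range(25):
        src = rf"C:\Users\victim\Documents\report{i}.docx"
        evs.append(RenameEvent(ts=1.0 + i * 0.4, pid=4242, src=src, dst=src + ".enc"))
    desktop = r"C:\Users\victim\Desktop"
    evs.append(RenameEvent(2.0, 1000, desktop + r"\new.txt", desktop + r"\notes.txt"))
    evs.append(RenameEvent(3.0, 1000, desktop + r"\~tmp1.tmp", desktop + r"\budget.xlsx"))
    evs.append(RenameEvent(4.0, 1000, desktop + r"\a.txt", desktop + r"\a.txt.bak"))
    return evs


if __name__ == "__main__":
    for hit in find_mass_rename(sample_events()):
        print(f"pid {hit['pid']} appended .{hit['extension']} to "
              f"{hit['files']} files ({hit['burst']} in one window)")
```

The threshold and window are deliberately conservative so that backup tools writing a single `.bak` or an editor saving through a temp file do not trigger; lower `min_files` when replaying a sandbox trace, where the whole run is only a few minutes long.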
