General

  • Target: 92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5
  • Size: 145KB
  • Sample: 240314-ev7thace48
  • MD5: f6bcf480cc1e928ab55ad9c3310919e6
  • SHA1: dc21c53fee3dd49773fd2bd145ef57760b564b6b
  • SHA256: 92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5
  • SHA512: cdc42149b920a6109628c8a3f328c6d1dd5a279cbe860dc538cd7699f0234741c6429bac86e4ae52b716168942e187eaa4b314597d1b5d8963b34640c78fc526
  • SSDEEP: 3072:wqJogYkcSNm9V7DNgrogsqLnwYskVnSlT:wq2kc4m9tD6ZVn

Malware Config

Targets

    • Renames multiple (7728) files with added filename extension
      This suggests ransomware activity of encrypting all the files on the system.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Drops desktop.ini file(s)
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks