General

  • Target

    Trojan.Ransom.NotPetya.zip

  • Size

    321KB

  • Sample

    240406-srdm5sdg85

  • MD5

    cd941cd911bd1ac5c37754d1d022aefb

  • SHA1

    168f20a901b52ca314618a7ebdf0889f8db72b3e

  • SHA256

    b2303893caaf9c6e048fc2aaf7ecbe6264a629a19169e5395595442d78ba17ad

  • SHA512

    45b47529c473ea3b5539c279f6ba7214b320db7c3845eb1e29dc215da6aa85fc06fbfc620a7019a41c2ab6728a5ec78a6804a6912dcd64b9670de49683cc78bc

  • SSDEEP

    6144:B1DSczJ7BsNnX1EPljAetGjN3bFNq7pvndbaqPEwK30b3nilrdQY/CdUT:KiJ7+1iNGoFdbPMwK323odQYaUT

Malware Config

Targets

    • Target

      NotPetya.exe

    • Size

      390KB

    • MD5

      b6cc1e4052f613e15a8b05439f5877b4

    • SHA1

      9bb3cb5080ae18985d93a28faeca6ae06d768b21

    • SHA256

      e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737

    • SHA512

      cd48f448cd355a1463ca090d8ad47100596e1ed1a1a771f26c672406669433e9d9d915268def0aad844511f65a3c69fbb3ab2e2dc610ecc0f66a8524a6a8ea73

    • SSDEEP

      12288:rF/X4NTS/x9jNG+w+9OqFoK323qdQYKU3:BXATS/x9jNg+95vdQa

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • mimikatz is an open source tool to dump credentials on Windows

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks