Resubmissions
13-04-2024 09:28
240413-lfvc7acf52 1013-04-2024 09:28
240413-lft3esff2x 1013-04-2024 09:28
240413-lfemqsff2t 1013-04-2024 09:27
240413-le61lafe91 1013-04-2024 09:27
240413-le6ptsfe9z 1009-04-2024 08:16
240409-j555wadf8x 1009-04-2024 08:16
240409-j55t4sdf8v 1009-04-2024 08:16
240409-j54xtaad59 1009-04-2024 08:15
240409-j52sfsad57 1004-11-2020 01:00
201104-p65ygpgpnx 9General
-
Target
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin
-
Size
483KB
-
Sample
240413-le6ptsfe9z
-
MD5
3265b2b0afc6d2ad0bdd55af8edb9b37
-
SHA1
24272beb676d956ec8a65b95a2615c9075fa9869
-
SHA256
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4
-
SHA512
28f99da799b43a5fd060b5cab411911b54ceeb51e612ec6213c2b8003ee6de29bc46683ba04507c0e8a92e9fbec4be5cecbc8918618db9c15f231a5be806cb94
-
SSDEEP
12288:JF+dRkCGjzKd5Ik6ZDEyyq8Me0KzYB3IvClBTn:JF+deC2+d5AZLde0KcBU4BT
Static task
static1
Behavioral task
behavioral1
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win11-20240412-en
Malware Config
Targets
-
-
Target
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin
-
Size
483KB
-
MD5
3265b2b0afc6d2ad0bdd55af8edb9b37
-
SHA1
24272beb676d956ec8a65b95a2615c9075fa9869
-
SHA256
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4
-
SHA512
28f99da799b43a5fd060b5cab411911b54ceeb51e612ec6213c2b8003ee6de29bc46683ba04507c0e8a92e9fbec4be5cecbc8918618db9c15f231a5be806cb94
-
SSDEEP
12288:JF+dRkCGjzKd5Ik6ZDEyyq8Me0KzYB3IvClBTn:JF+deC2+d5AZLde0KcBU4BT
Score10/10-
Renames multiple (4054) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1