Resubmissions

24-11-2024 00:19

241124-amn9zazrdk 10

03-05-2024 16:55

240503-vffz8sec77 10

15-04-2024 14:29

240415-rtx9wsgf63 10

10-04-2024 15:57

240410-td2cqadc92 10

General

  • Target

    Computer Raper.exe

  • Size

    85.4MB

  • Sample

    240415-rtx9wsgf63

  • MD5

    bdb24ed9f869fcd462b316148514fc5b

  • SHA1

    83935122b626378a3149e9036cd751514add4b52

  • SHA256

    83875ea85b183c609c5ddcd92afe62265745192a417b80524f12741fc028aca0

  • SHA512

    12fdb77a75debeacbc4b98cac45d09a7bcc378bd9bd51bbc035838b99c1d595660d5c0961a2d041b2e8359f3b5b096f589d39453ada9874436411b94b8b0d611

  • SSDEEP

    1572864:NUkskQ1oOZrCqix58TkbajhXBFEQT9VotzcJ97:N/NQbCbmXXEUvoM97

Malware Config

Targets

    • Target

      Computer Raper.exe

    • Size

      85.4MB

    • MD5

      bdb24ed9f869fcd462b316148514fc5b

    • SHA1

      83935122b626378a3149e9036cd751514add4b52

    • SHA256

      83875ea85b183c609c5ddcd92afe62265745192a417b80524f12741fc028aca0

    • SHA512

      12fdb77a75debeacbc4b98cac45d09a7bcc378bd9bd51bbc035838b99c1d595660d5c0961a2d041b2e8359f3b5b096f589d39453ada9874436411b94b8b0d611

    • SSDEEP

      1572864:NUkskQ1oOZrCqix58TkbajhXBFEQT9VotzcJ97:N/NQbCbmXXEUvoM97

    • Chimera

      Ransomware which infects local and network files, often distributed via Dropbox links.

    • Chimera Ransomware Loader DLL

      Drops/unpacks executable file which resembles Chimera's Loader.dll.

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • mimikatz is an open source tool to dump credentials on Windows

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks