d437378baefff4fd038669158fcab40da23c791f230527ad3f25d038ce0b9709 | Triage

Sharing

General

Target

d437378baefff4fd038669158fcab40da23c791f230527ad3f25d038ce0b9709.exe
Size

36.7MB
Sample

240418-cfgyeshd2t
MD5

d0e692e9fd731170a037b45facabada6
SHA1

091a50a287e73283c64e9d5c269ea52595b3cc68
SHA256

d437378baefff4fd038669158fcab40da23c791f230527ad3f25d038ce0b9709
SHA512

486ff9740c57bee383393726e369301d7e38a8c1693818d2181881be3da5e718ea224ffc87914fd76f1be7aed0e243dcca0650ff60fa10ef0cafac4fb51ba456
SSDEEP

786432:GM/eCRQ8pXYfPOb0cH2j6+s7LWB75zuBOoGkVW8QOd9+zDZe:/PQkXeObXH2qHWB75ixGkVWjZe

Score

7^/10

pyinstaller ransomware

Malware Config

Targets

- Target
  
  d437378baefff4fd038669158fcab40da23c791f230527ad3f25d038ce0b9709.exe
- Size
  
  36.7MB
- MD5
  
  d0e692e9fd731170a037b45facabada6
- SHA1
  
  091a50a287e73283c64e9d5c269ea52595b3cc68
- SHA256
  
  d437378baefff4fd038669158fcab40da23c791f230527ad3f25d038ce0b9709
- SHA512
  
  486ff9740c57bee383393726e369301d7e38a8c1693818d2181881be3da5e718ea224ffc87914fd76f1be7aed0e243dcca0650ff60fa10ef0cafac4fb51ba456
- SSDEEP
  
  786432:GM/eCRQ8pXYfPOb0cH2j6+s7LWB75zuBOoGkVW8QOd9+zDZe:/PQkXeObXH2qHWB75ixGkVWjZe
Score

7^/10

ransomware
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2