General

  • Target

    2024-04-27_23ae61343a6c0414f8649b8fb4ddcfe6_bkransomware

  • Size

    71KB

  • Sample

    240427-2bxkrahh53

  • MD5

    23ae61343a6c0414f8649b8fb4ddcfe6

  • SHA1

    9633159892df49a93fedc063d452ce43a474d835

  • SHA256

    2be84db3a1d3d9e82c96a16c57fa6caa825dca519ef347be8627f864aa8de073

  • SHA512

    ab9a80d0ba2a1e50d44e52eedd6facbb635d48e7152a5fbc7f94cf738f2def282e9b04715ae26cab69c4c68eae44862c6d9f71932b1d7c9c2a79c46207b82ad3

  • SSDEEP

    1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTE:ZhpAyazIlyazTE

Malware Config

Targets

    • Target

      2024-04-27_23ae61343a6c0414f8649b8fb4ddcfe6_bkransomware

    • Size

      71KB

    • MD5

      23ae61343a6c0414f8649b8fb4ddcfe6

    • SHA1

      9633159892df49a93fedc063d452ce43a474d835

    • SHA256

      2be84db3a1d3d9e82c96a16c57fa6caa825dca519ef347be8627f864aa8de073

    • SHA512

      ab9a80d0ba2a1e50d44e52eedd6facbb635d48e7152a5fbc7f94cf738f2def282e9b04715ae26cab69c4c68eae44862c6d9f71932b1d7c9c2a79c46207b82ad3

    • SSDEEP

      1536:Fc897UsWjcd9w+AyabjDbxE+MwmvlDuazTE:ZhpAyazIlyazTE

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Collection

Data from Local System

1
T1005

Tasks