General

  • Target

    2024-04-28_fdf20870e0f6947acc54d7dc158de616_bkransomware

  • Size

    518KB

  • Sample

    240428-v5gm3ach57

  • MD5

    fdf20870e0f6947acc54d7dc158de616

  • SHA1

    d3f35f9cd5bf840d8c9b690929822f72f3e59bd7

  • SHA256

    fa59ee84ae7cf946b9bc035dfde8fb40d3e3468190bd17cb610c53fe3d2bc844

  • SHA512

    3f35c985dd351ff1db874a5d351bb42bfca675df3ac4bca2d5cdf91f6012b9aa0cf73efbf5896a967cda8aacf3d212db0106520a524080d395195b3238b1b3d7

  • SSDEEP

    12288:xC0tmH3Ut1er+kigoZUWtBaL4XA9K8gGsxEiIS:DtmiyQ2WHaLHsuZS

Malware Config

Targets

    • Target

      2024-04-28_fdf20870e0f6947acc54d7dc158de616_bkransomware

    • Size

      518KB

    • MD5

      fdf20870e0f6947acc54d7dc158de616

    • SHA1

      d3f35f9cd5bf840d8c9b690929822f72f3e59bd7

    • SHA256

      fa59ee84ae7cf946b9bc035dfde8fb40d3e3468190bd17cb610c53fe3d2bc844

    • SHA512

      3f35c985dd351ff1db874a5d351bb42bfca675df3ac4bca2d5cdf91f6012b9aa0cf73efbf5896a967cda8aacf3d212db0106520a524080d395195b3238b1b3d7

    • SSDEEP

      12288:xC0tmH3Ut1er+kigoZUWtBaL4XA9K8gGsxEiIS:DtmiyQ2WHaLHsuZS

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Collection

Data from Local System

1
T1005

Tasks