Overview

overview

9

Static

static

3

SevenRecode.exe

windows10-2004-x64

1

SevenRecode.exe

windows11-21h2-x64

1

SevenRecode.exe

windows10-2004-x64

9

SevenRecode.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SevenRecode.deps.zip

  • Size

    101KB

  • Sample

    240501-ebmzzsfa91

  • MD5

    222c450b2221bdbec8d829399496aba9

  • SHA1

    9b89faaf84641d60de4c14a6119aded6c6638640

  • SHA256

    c3425676c61aa3ea982df80c68b5104e459846490942af7b63080bca22904ee5

  • SHA512

    33aa85669557d9e736aaabdf66045c6dadac9c730599da0d7713ddbb291199b2c97483703f14d805e0b4a267cd4d457ea7778555d0bfd1b26d7058470f84ca1b

  • SSDEEP

    1536:7jbsYXKXEjf4FeOFWsmC16VhiXFGGDsSuV2m+AoI42C4WHTO9cPezLRzYh:3bsYXK7zWsZsmVGGDsHcbILBpCwl+

Score
9/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      SevenRecode.dll

    • Size

      33KB

    • MD5

      51ad7e276ad803b26109eb2d53e58825

    • SHA1

      80a10cad83e017241c77f1d4a856e16d58cadf6f

    • SHA256

      4d4374a682264fc3f2ba89c6f7c7be687eb1232372b831eb761c62197fdd39b2

    • SHA512

      3275990fceebe18b952e73b8d69fc2061f2d5da79a395d0a154061b6e3f60e234fe73a720fead067a61c20da8079cf464a5399a56a10d985c34ff08bfea53b83

    • SSDEEP

      768:SxHComOm+oAo8p5HWTgLVh4oCIint9FVnaDwHyS4x:IxFRRh4oZutfVJSS4

    Score
    1/10
    behavioral1behavioral2

    • Target

      SevenRecode.exe

    • Size

      139KB

    • MD5

      a2488db381a90da326053a2050cee0b3

    • SHA1

      ccd2a0b649126f6fcd9c8118ee35c9444bc5acd3

    • SHA256

      ab179853ce915ac8d41a77c553a56bd9c660f632326ab97929fd57b081138ef4

    • SHA512

      3f9ae5f78f632e9b07f98ea88a806f7252340882f07081bfe2f1cdadde39a13324bee455a78971ade7e893d03ed27a1a7d123dd59b504eaf0adc8340457fad42

    • SSDEEP

      3072:eiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJt8ltf:eiS4ompB9S3BZi0a1G78IVhcXct

    Score
    9/10
    ransomwarespywarestealer

    • Renames multiple (3779) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks