General
Target: SevenRecode.zip
Size: 94KB
Sample: 240501-hhdxfaac3w
MD5: 02060cccf90c82317b0d0483204374d3
SHA1: 27afb6c18a64f1ec02279916ca7ab0beda884085
SHA256: e965eefea95e3441a2fe437c893dc0ecb8be06214f76e483d382732ccc31db5c
SHA512: 35e9671404a8b170315a072a2c30ea007bda37e8db10859120370c70e47349bb12bae9f5df03dc167142ef05ae71777fa5a17e0a5abc467033710fe792755814
SSDEEP: 1536:7jbsS4zp3pek/8RZLzilVhiXFGGDsSuV2m+AoI42C4WHTO9cPezLRzYi:3bslrjEPImVGGDsHcbILBpCwll
Static task: static1

Behavioral task: behavioral1
Sample: SevenRecode.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: SevenRecode.exe
Resource: win11-20240419-en

Behavioral task: behavioral3
Sample: SevenRecode.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral4
Sample: SevenRecode.exe
Resource: win11-20240426-en
Malware Config

Targets

Target: SevenRecode.dll
Size: 26KB
MD5: 65b24175381061fa21001258bc56a001
SHA1: 7315096899f4fc40ba8d9b8e0ba759b974044a14
SHA256: e0edb054c263a429cc707c3952d3088adc853cca7878dc92d8d876c689cac991
SHA512: b4aefe405faa2450e7f6038f08803c455793c994fc34a7dc80590f41f269c9d9fd15deee4fde7f2ee8c8f3f39af4d8d667b55d4284c2f79a56d59b794e4adebe
SSDEEP: 384:o8aOXXComOGonSR/pgostG2JcesUaiKdVCB+1lthFZfuWZtgY2D3QE:fxHComOGRgoKG2zAdVz3hfbTYx
Score: 1/10

Target: SevenRecode.exe
Size: 139KB
MD5: a2488db381a90da326053a2050cee0b3
SHA1: ccd2a0b649126f6fcd9c8118ee35c9444bc5acd3
SHA256: ab179853ce915ac8d41a77c553a56bd9c660f632326ab97929fd57b081138ef4
SHA512: 3f9ae5f78f632e9b07f98ea88a806f7252340882f07081bfe2f1cdadde39a13324bee455a78971ade7e893d03ed27a1a7d123dd59b504eaf0adc8340457fad42
SSDEEP: 3072:eiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJt8ltf:eiS4ompB9S3BZi0a1G78IVhcXct
Score: 9/10

- Renames multiple (4311) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables cmd.exe use via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry