General
-
Target
SevenRecode.zip
-
Size
94KB
-
Sample
240501-jdbf7adb23
-
MD5
7c3f21323d7411cc1806ba56e8845e5f
-
SHA1
08160851280cae4c977693c5483a57ed27128154
-
SHA256
157305fa4129444a6727a7ca13bd1ad5874f0d6c6484e6dbb973a57c7597abb6
-
SHA512
a49b33c86fb4b2dec22c3762fb6f159a948b073e4a87ef579ff2162b35de5f63fa08a6e272a15c6b031530a9612f2258530cd6b13784782435ce41fe5258ece7
-
SSDEEP
1536:njbspkf0PPFqpyYb4dTXqE3njVhiXFGGDsSuLa5dzrm+AoI42C4WHTO94RMcj48v:jbspxFqZbmTXXjmVGGDsHYFrbILBp2RH
Malware Config
Targets
-
-
Target
SevenRecode.dll
-
Size
26KB
-
MD5
86a96a79f057276294e143c3dd7af7ec
-
SHA1
a54e9740ea5f337224288ee71046f59caf9dce56
-
SHA256
25d7371f1b276a419a3f76db69ebd740cbb9e835954f78153419ec4f6b3cfdee
-
SHA512
4a6dbb955db13277ff99782124361c84064a0d92b709a27c2538b11e09430959a69a97f1604ec33adaae95c1df7ed1b9c0b32ab9cba9487b99833be1c03e3618
-
SSDEEP
384:O8aOXXComOuGwz4nOHpkHEllrF8UBqv1peN1F1Vs+9ZHl5yRHg5mEfuWZt7l0f:9xHComO1wpHpkHAZX/1FnT9ZHlueBbc
Score1/10 -
-
-
Target
SevenRecode.exe
-
Size
139KB
-
MD5
e1d9180df5ab094d70f83c48654b26d5
-
SHA1
40c42ac623b2bc29dd9d53e2b68610096eca3035
-
SHA256
f84fc41549deb5db5877f349d97992e108c2d62baca1ca19564c0d5cc41d0601
-
SHA512
20fb2c009f7d2f70559918d6582e9df720deb1426664873032d52ef22bfbc99f62f568961d7e9dc9ef13d0bf24c798ddb6c075cbdf24636ea5ec6744b442b834
-
SSDEEP
3072:SiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJt8ltg:SiS4ompB9S3BZi0a1G78IVhcXct
Score9/10-
Renames multiple (4300) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Drops file in Drivers directory
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-