e4022fef94b538fc9e7841fedca06d7cde815ccb3ba08be44763c11ba2836a21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SevenRecode.7z
Size

19.2MB
Sample

240501-mclgjscf6v
MD5

7169eea6c10b945fe6a3c664d93169b9
SHA1

62dd0bee342905ed79107872f918b510e5e0c16f
SHA256

e4022fef94b538fc9e7841fedca06d7cde815ccb3ba08be44763c11ba2836a21
SHA512

3a6a4cb103e8a33ea97984c7ef886a7bbccbae9914e6cf8217aaf0500fe790456e0196304c8b89a06e897f2cc00856ed8a19b6ff70bfcec8ee4f30b40c5a0aa2
SSDEEP

393216:udFQNAzXhvy/SxcyfmeevOh1d6T57qqZDPWHTi+Ti:uQNMXheSJfmee2TwT5Wq4i+Ti

Score

9^/10

evasion ransomware spyware stealer

Malware Config

Targets

- Target
  
  SevenRecode.exe
- Size
  
  67.6MB
- MD5
  
  5694ca3240ecb6dd8dd0c80f6bd326b3
- SHA1
  
  ec41284e250b02b5afa930c105029234649d9d18
- SHA256
  
  c816041189009084ac3b1da0a273b4c95ed9080009f5d4d7f4515f85a4c2f07e
- SHA512
  
  573076e341690b812d31f51afd59b9b21ad7f471d9bf7a57bc752117462a8c8c837d0afa2b99f9bc08cc5601507b50fcdd8f5a7d724e9143e487829d6d027c90
- SSDEEP
  
  786432:43a4EjmXHZFz47/vPVM2/55c2lStV07Abla0gGbiWjA:43a4EjKHZCM2/LjSD07tjGA
Score

9^/10

evasion ransomware spyware stealer
- Renames multiple (4250) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionransomwarespywarestealer

behavioral2

evasionransomwarespywarestealer