107c0ba036e00df60727c2da49d7d3f5d3f2e2bd7c3816aabc688b8d353174d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SevenRecode.7z
Size

19.2MB
Sample

240501-mgejsseh78
MD5

166b9d969516b030af45ec3b6176d84b
SHA1

90502cf41c88ea336c0c382d9c96a94e8f0b5eb0
SHA256

107c0ba036e00df60727c2da49d7d3f5d3f2e2bd7c3816aabc688b8d353174d9
SHA512

9cdb1d29773aa75caae9d104a0abdd494f64afe2f3e8cf9bd56661d1cddc2f03148f28a76c7ae77ab3193a08c2ba1f9f0a956589bc17c7e9ba648a819cc8e844
SSDEEP

393216:2dFQcT4U5LVdpI+JIhRog3FZJ46W7t2guz9lZ+xvvPOENsBqVP+TN:GQcT4QVbMlVZNW7dY9yxv3OYsByP+TN

Score

9^/10

evasion ransomware spyware stealer

Malware Config

Targets

- Target
  
  SevenRecode.exe
- Size
  
  67.6MB
- MD5
  
  f3741a0c0ff45514159fef8bf368ea40
- SHA1
  
  c87868848d1432743524349793b2cbcae55240c1
- SHA256
  
  f3eb442a0caebce8d4b69bc84ea8c8fc8a06b53fe42bf02ae32e2981c8714e42
- SHA512
  
  8cc9808af803ce4691943052e441d522e942e8df65a66dd62b5af631fe7934c4cb112fbd1d8c538462e2e889fce3183d81cee4df13cc29351bea6349b54fd5bc
- SSDEEP
  
  786432:43a4EjmXH+Fz47/vwhM2/55c2lStV07Abla0gGbiWj7:43a4EjKH+3M2/LjSD07tjG7
Score

9^/10

evasion ransomware spyware stealer
- Renames multiple (4262) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionransomwarespywarestealer

behavioral2

evasionransomwarespywarestealer