bd8b73a646bf3d5b0e2c1ad8e32b62a2abe57e7f3c86d285799822e0aef069aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SevenRecode.7z
Size

19.2MB
Sample

240501-mwe4wadb6w
MD5

19e5b569704456673fe24fc7ff1f369c
SHA1

e88257823d276ac6fc4ff6fd5ebb7bba15ec8c92
SHA256

bd8b73a646bf3d5b0e2c1ad8e32b62a2abe57e7f3c86d285799822e0aef069aa
SHA512

fdd2c3c9f1c7e008285a551dd462c359f0566bdd7e92202b9a03dfe2e47c606726a3bd8050e5cba322a5a2d9149ce7d2c2f11a12c14380d400466e68ce967819
SSDEEP

393216:YdFQX4122/cyp6C9deDhWucMg50R3hesF+okXskY4W8dp4d2a+TK:QQaL47NWu7g501heakdYkp0+TK

Score

9^/10

evasion ransomware spyware stealer

Malware Config

Targets

- Target
  
  SevenRecode.exe
- Size
  
  67.6MB
- MD5
  
  a02ed15a829382c005362565968594b7
- SHA1
  
  4435dd469b9c2187f54e1db5bddbd6d30fe90ade
- SHA256
  
  f8c9d375868d8e0e7ff19a1301deed3ee4ef5c5d63397d3ea056455d86fe72b7
- SHA512
  
  ed86dffa40e06fe959088ab4b41a8fa0d1fed515c32f7daff6c5dcb07a826085cbb5df5e0b1a50a01cb2e8173dbcc32f96495e3bc7b383a75d717d7335859709
- SSDEEP
  
  786432:43a4EjmXHtFz47/vttM2/55c2lStV07Abla0gGbiWjd:43a4EjKHtwM2/LjSD07tjGd
Score

9^/10

evasion ransomware spyware stealer
- Renames multiple (4251) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionransomwarespywarestealer

behavioral2

evasionransomwarespywarestealer