1eddc7c828f55c4879decba9d8d1011deacc756ecbf137bb7abfb315a8d675b9 | Triage

Sharing

General

Target

SevenRecode.7z
Size

19.2MB
Sample

240501-wnn69acg51
MD5

998379efddc01ae835e8a5e3b2a92637
SHA1

c7b09a07aff225555e15f5a6c3f9122008ccddd3
SHA256

1eddc7c828f55c4879decba9d8d1011deacc756ecbf137bb7abfb315a8d675b9
SHA512

e13d4501215954d0626d938782be11141d43e24982a6737a05b7ec8666e584a7d7a1a3537cfba21c01e3407b95418c1161c34188957f8a56441956b75d9f3a56
SSDEEP

393216:rdFQkWuMuMXxtm6Dh85DCtKRAQkYMey0wixjKPGZBLm5Ss+FAj6a6/H:/QkWFuMBBcRB7CeZBLUSs+Fw6aCH

Score

9^/10

evasion ransomware spyware stealer

Malware Config

Targets

- Target
  
  SevenRecode.exe
- Size
  
  67.6MB
- MD5
  
  272e0f870784656cfc714ed65c635c54
- SHA1
  
  5b32ce1a2178d9281d8ecebffabdb496a56ecd08
- SHA256
  
  a85f906174267927addab742727b2ef74a6327d33f8cd5ca6a9654657593e9eb
- SHA512
  
  e42a8aea5d12cc10510e8a02ccd350504fd77b2740f993f6bb2dab7769eeee1221fc6d2eca627e4ad98bc26f63f382ea0347aceecadaa61935f93c4198052bff
- SSDEEP
  
  786432:43a4EjmnHgFz47/vZCM2/55c2lStV07Abla0gGbiWj+:43a4EjaHgDM2/LjSD07tjG+
Score

9^/10

evasion ransomware spyware stealer
- Renames multiple (4271) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionransomwarespywarestealer

behavioral2

evasionransomwarespywarestealer