General
-
Target
5bb8c2a485f64832b40145a6ad0970ec8f8e1c88f192953ce59cc76302a7551e.exe
-
Size
902KB
-
Sample
240522-3vae1adg2w
-
MD5
18908ecd67f033bbba5f6a35cb50f5e0
-
SHA1
16cca5b79a59a69749fed5465bf8d5ad2e76e218
-
SHA256
5bb8c2a485f64832b40145a6ad0970ec8f8e1c88f192953ce59cc76302a7551e
-
SHA512
7a7aefc1fbe3e17691c37eda625458cb94fed4f4627c59770c361cfb7feadec57b899a378877ded5bfb16afe785a7181fd2b109bc9f73d59fdcd9a2aa8918180
-
SSDEEP
12288:lCPk/jBKDmm/6714vhXC0oS8NH/y45p2fEqbYqM05KdfM3:cs1Om571AbRCfsEfz
Malware Config
Targets
-
-
Target
5bb8c2a485f64832b40145a6ad0970ec8f8e1c88f192953ce59cc76302a7551e.exe
-
Size
902KB
-
MD5
18908ecd67f033bbba5f6a35cb50f5e0
-
SHA1
16cca5b79a59a69749fed5465bf8d5ad2e76e218
-
SHA256
5bb8c2a485f64832b40145a6ad0970ec8f8e1c88f192953ce59cc76302a7551e
-
SHA512
7a7aefc1fbe3e17691c37eda625458cb94fed4f4627c59770c361cfb7feadec57b899a378877ded5bfb16afe785a7181fd2b109bc9f73d59fdcd9a2aa8918180
-
SSDEEP
12288:lCPk/jBKDmm/6714vhXC0oS8NH/y45p2fEqbYqM05KdfM3:cs1Om571AbRCfsEfz
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (60) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1