General

  • Target

    1280eee88bc188622bceadd8a427c5f5e242ddfd175c378b3d828e5e7a0d66ca.exe

  • Size

    2.6MB

  • Sample

    240523-rv2cyaed3v

  • MD5

    88d00427a014f1fdb88383a6a8ab97a5

  • SHA1

    d8c5d3ab8e11aa9dd5236625b610837b5cbbfd27

  • SHA256

    1280eee88bc188622bceadd8a427c5f5e242ddfd175c378b3d828e5e7a0d66ca

  • SHA512

    764319cdf3423a0c38f9050694bd936f2081d1ae34580aa055171ac84ae4b77d488422a68a5e607d2df6ba2627835990fba93a8a405d29cd88c1cde828ce3531

  • SSDEEP

    49152:wgwR0ifu1DBgutBPNw6m+sqFrDCcTeL7dzXVeH0Bl1nzBJ6GDaJP:wgwR0vguPPK6GkDC7hv1zeP

Malware Config

Targets

    • Target

      1280eee88bc188622bceadd8a427c5f5e242ddfd175c378b3d828e5e7a0d66ca.exe

    • Size

      2.6MB

    • MD5

      88d00427a014f1fdb88383a6a8ab97a5

    • SHA1

      d8c5d3ab8e11aa9dd5236625b610837b5cbbfd27

    • SHA256

      1280eee88bc188622bceadd8a427c5f5e242ddfd175c378b3d828e5e7a0d66ca

    • SHA512

      764319cdf3423a0c38f9050694bd936f2081d1ae34580aa055171ac84ae4b77d488422a68a5e607d2df6ba2627835990fba93a8a405d29cd88c1cde828ce3531

    • SSDEEP

      49152:wgwR0ifu1DBgutBPNw6m+sqFrDCcTeL7dzXVeH0Bl1nzBJ6GDaJP:wgwR0vguPPK6GkDC7hv1zeP

    • Detects Mimic ransomware

    • Mimic

      Ransomware family was first exploited in the wild in 2022.

    • Modifies security service

    • UAC bypass

    • Modifies boot configuration data using bcdedit

    • Renames multiple (6255) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Deletes System State backups

      Uses wbadmin.exe to inhibit system recovery.

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks