General

  • Target

    2024-06-01_8bf09ef2a418c477474305b7a8065ae2_gpcode

  • Size

    25KB

  • Sample

    240601-2hxjbshg77

  • MD5

    8bf09ef2a418c477474305b7a8065ae2

  • SHA1

    dba57af39b41384369fadf091cdfc477892bd119

  • SHA256

    f779b132d6e1bd6f3c8a591f0ba4db8a2e4f6cd9d06ff3b70a7d1400be242355

  • SHA512

    33b1c06a13d8e412b4e57ae62887a9a4436928176f1831616ce836aa4741ede7a9462234a3dff781f9a10cc50cce9d3dccddf91b5f1c82468bd578fa4a40356d

  • SSDEEP

    192:w+u0k+vYaSyBgp/Gf/nADxiLVK5BOZNyViyKs9LV5+CnQiug2f5rPT5gd:/BQa1ip/CnB5yBOZt3sRvQZg2dPT

Targets

    • Target

      2024-06-01_8bf09ef2a418c477474305b7a8065ae2_gpcode

    • Renames multiple (908) files with added filename extension

      Consistent with ransomware: each renamed file gets an extra extension appended after encryption, and the volume (908 files in the sandbox run) is far beyond what a benign installer or updater does.

    • Drops file in Drivers directory

    • Checks computer location settings

      Reads the country code configured in the registry, likely as a geofence so the payload does not run on systems in certain regions.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved credentials and session cookies; here it indicates the sample steals data in addition to encrypting files.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
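
The two signatures most useful for triage here are the hash set and the mass-rename behaviour. The following Python script is an added example, not part of the report or of the sandbox vendor's tooling: it verifies a candidate file against the hashes listed in this report, and it implements a simple "renames many files with an added extension" heuristic over a sandbox file-event trace. The trace lines and their `<op> <src> -> <dst>` format are constructed for the example; the threshold of 5 is an assumption (the report's signature fired on 908 renames).

```python
"""Triage helpers modelled on the signatures in the report above.

Added example: the hashes are copied from the report, the file-event
lines below are constructed, and the log format is assumed.
"""
import hashlib
import re
from collections import Counter

# Digests as listed in the report (MD5 / SHA1 / SHA256).
REPORT_HASHES = {
    "md5": "8bf09ef2a418c477474305b7a8065ae2",
    "sha1": "dba57af39b41384369fadf091cdfc477892bd119",
    "sha256": "f779b132d6e1bd6f3c8a591f0ba4db8a2e4f6cd9d06ff3b70a7d1400be242355",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches.

    A partial match (e.g. MD5 equal, SHA256 different) would mean the
    report's hash set is inconsistent and should not be trusted.
    """
    digests = hash_bytes(data)
    return all(digests[algo] == value for algo, value in REPORT_HASHES.items())


# Constructed sandbox file-event trace (format assumed: "<op> <src> -> <dst>").
SAMPLE_EVENTS = r"""
rename C:\Users\victim\Documents\report.docx -> C:\Users\victim\Documents\report.docx.crypt
rename C:\Users\victim\Pictures\IMG_0001.jpg -> C:\Users\victim\Pictures\IMG_0001.jpg.crypt
rename C:\Users\victim\Desktop\notes.txt -> C:\Users\victim\Desktop\notes.txt.crypt
rename C:\Users\victim\Downloads\setup.tmp -> C:\Users\victim\Downloads\setup.exe
write  C:\Users\victim\Desktop\HOW_TO_DECRYPT.txt
rename C:\Users\victim\Music\song.mp3 -> C:\Users\victim\Music\song.mp3.crypt
""".strip()

RENAME_RE = re.compile(r"^rename\s+(?P<src>.+?)\s+->\s+(?P<dst>.+?)\s*$")


def added_extension(src: str, dst: str):
    """Return the extension appended to src if dst is exactly src plus one
    extension (".crypt"), otherwise None.  A rename that replaces the
    extension (setup.tmp -> setup.exe) is a normal installer pattern and
    must not count.
    """
    if not dst.startswith(src):
        return None
    suffix = dst[len(src):]
    if len(suffix) > 1 and suffix.startswith(".") and "." not in suffix[1:]:
        return suffix
    return None


def mass_rename_indicator(log: str, threshold: int = 5):
    """Count renames that only append an extension, grouped by extension.

    Returns (extension, count) for the dominant appended extension when the
    count reaches the threshold, else None.  The threshold is an assumption;
    tune it to the sandbox's run time and the number of seeded user files.
    """
    counts = Counter()
    for line in log.splitlines():
        match = RENAME_RE.match(line)
        if not match:
            continue
        ext = added_extension(match["src"], match["dst"])
        if ext:
            counts[ext] += 1
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return (ext, n) if n >= threshold else None


if __name__ == "__main__":
    with open("sample.bin", "rb") as fh:  # path is a placeholder
        print("matches report hashes:", matches_report(fh.read()))
    print("mass rename:", mass_rename_indicator(SAMPLE_EVENTS, threshold=3))
```

Grouping by the appended extension rather than counting raw renames is what separates the ransomware pattern from, say, a build tool renaming hundreds of `.tmp` files to their final names: the constructed trace yields four `.crypt` renames and ignores the `setup.tmp -> setup.exe` rename, so the indicator fires at a threshold of 3 and stays quiet at the default of 5.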
