b791db3bc08543df0c7f1e5d901a3f213cc7947e75f987dc54c47aa2b00133bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_58241171c74d3ad9e8985f35bcf98da3_bkransomware
Size

6.6MB
Sample

240601-e3kzpsae25
MD5

58241171c74d3ad9e8985f35bcf98da3
SHA1

d74a82afd46f32eebf481795dfb13be8887dc014
SHA256

b791db3bc08543df0c7f1e5d901a3f213cc7947e75f987dc54c47aa2b00133bb
SHA512

66421b0dada320107d0139ec38e4e6858324b6cc6296e5ab9f190cc900ebd33599792e1b138c9628e07cf9f13928f85b4e10030bc1709901fac0b076b83ae9c5
SSDEEP

196608:Ib6LDrvjBQWj0OjOHzirOSM53JHbaZQx9:JjDvSziqX5HbJ

Score

8^/10

execution

Malware Config

Targets

- Target
  
  2024-06-01_58241171c74d3ad9e8985f35bcf98da3_bkransomware
- Size
  
  6.6MB
- MD5
  
  58241171c74d3ad9e8985f35bcf98da3
- SHA1
  
  d74a82afd46f32eebf481795dfb13be8887dc014
- SHA256
  
  b791db3bc08543df0c7f1e5d901a3f213cc7947e75f987dc54c47aa2b00133bb
- SHA512
  
  66421b0dada320107d0139ec38e4e6858324b6cc6296e5ab9f190cc900ebd33599792e1b138c9628e07cf9f13928f85b4e10030bc1709901fac0b076b83ae9c5
- SSDEEP
  
  196608:Ib6LDrvjBQWj0OjOHzirOSM53JHbaZQx9:JjDvSziqX5HbJ
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2