Resubmissions

01/06/2024, 19:21

240601-x2s8sscc9s 9

01/06/2024, 19:03

240601-xqf44abh7s 9

General

  • Target

    CODE.txt

  • Size

    79B

  • Sample

    240601-xqf44abh7s

  • MD5

    a734f581e64d9fa9475ef4271583852e

  • SHA1

    93cdba4f49898771e18002535ac7f3f4edfce139

  • SHA256

    fb2b2d3f3dbf70e5970c8f71c1f45f2d77c0f951ae6ca47cd3223ddd1c3bcfbf

  • SHA512

    c0b52acbd826c73767fe33137e9cd10a68f543a2fd4f9f73e2acb96a976e12b0cccb31e4daa5f7fdcbecb205a403d7723da64b1809a5ca80ab996834507cf973

Score
9/10

Malware Config

Targets

    • Renames multiple (560) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks