General

  • Target

    5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006

  • Size

    643KB

  • Sample

    240602-2fln2shd6w

  • MD5

    1a9f69b0b0537816793bb0d0c2c34791

  • SHA1

    fef95a0ca0f851a4608cbc33c3bf427720eeef5f

  • SHA256

    5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006

  • SHA512

    01ae84534adbc79fe9cce7d9e769704d836e983e3e123f79577d0a06e88ac8471b7a834a11dfc4d37a90633e28c0aa8293960aca5a61a2d34f1f594c917da9a7

  • SSDEEP

    12288:IAIuZAIuOVAIuZAIuOFNUhiHOR4LucvSFSrux88ndNtJXzLFzi0:NSXUhiHOeE8rin3thLH

Score
10/10

Malware Config

Targets

    • Target

      5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006

    • Size

      643KB

    • MD5

      1a9f69b0b0537816793bb0d0c2c34791

    • SHA1

      fef95a0ca0f851a4608cbc33c3bf427720eeef5f

    • SHA256

      5d47015b8a47cfe96f774cea2d2b8be742bcd13cc9049371027b20ced65f8006

    • SHA512

      01ae84534adbc79fe9cce7d9e769704d836e983e3e123f79577d0a06e88ac8471b7a834a11dfc4d37a90633e28c0aa8293960aca5a61a2d34f1f594c917da9a7

    • SSDEEP

      12288:IAIuZAIuOVAIuZAIuOFNUhiHOR4LucvSFSrux88ndNtJXzLFzi0:NSXUhiHOeE8rin3thLH

    Score
    9/10
    • Renames multiple (2846) files with added filename extension

      Consistent with ransomware encrypting files across the system and appending its own extension to each one.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks