General

  • Target

    8a3d12ea4f19d8ba71407adf6f92a840a3da4bd6445516505a497058896d7182

  • Size

    118KB

  • Sample

    240611-apfqlswfrf

  • MD5

    5d734dc3eb946fd7a3197d16d4ae1afd

  • SHA1

    f080c20d63c32e3ad54c0fccf87ab1b5648a5762

  • SHA256

    8a3d12ea4f19d8ba71407adf6f92a840a3da4bd6445516505a497058896d7182

  • SHA512

    53073eaccc717475ef2f6737e2bfaaa79bc1be8c97f979d31ff16c1b192605e73acf4d6f9a0df86108908739aa098f78790e7ef4fc5daffb82dc1767fb256f42

  • SSDEEP

    3072:KQSohsUsxe+erZs1o8k1o83QSohsUsxe+erZs1o8k1o8H:KQSohsUsxe+ePQSohsUsxe+eP

Score
10/10
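The hashes above are what you use to confirm that a copy of the sample pulled from another source is really the file the sandbox analysed. The following Python is an added example (not part of the report or the sandbox's own tooling): it recomputes the four cryptographic digests, reports which ones disagree with the values listed on this page, and splits the SSDEEP signature into its block size and two chunk strings. The SSDEEP chunks for this sample visibly repeat (the run QSohsUsxe+erZs1o8k1o8 appears twice in the first chunk), and the helper at the end finds such runs; as an inference, a long repeated run in a context-triggered piecewise hash means the file contains a large region of identical bytes more than once. The file path handling in `__main__` is an assumption for stand-alone use; the constructed fallback bytes are not the sample.

```python
import hashlib
import sys

# Digests as listed in the report above (copied from the page).
REPORT_HASHES = {
    "md5": "5d734dc3eb946fd7a3197d16d4ae1afd",
    "sha1": "f080c20d63c32e3ad54c0fccf87ab1b5648a5762",
    "sha256": "8a3d12ea4f19d8ba71407adf6f92a840a3da4bd6445516505a497058896d7182",
    "sha512": "53073eaccc717475ef2f6737e2bfaaa79bc1be8c97f979d31ff16c1b192605e73acf4d6f9a0df86108908739aa098f78790e7ef4fc5daffb82dc1767fb256f42",
}
REPORT_SSDEEP = "3072:KQSohsUsxe+erZs1o8k1o83QSohsUsxe+erZs1o8k1o8H:KQSohsUsxe+ePQSohsUsxe+eP"


def digest_report(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex strings."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify(data: bytes, expected: dict) -> list:
    """Return the names of the digests that do NOT match `expected`.
    An empty list means every listed digest matches, i.e. the copy is intact."""
    actual = digest_report(data)
    return [name for name in expected if actual.get(name) != expected[name].lower()]


def parse_ssdeep(sig: str):
    """Split an ssdeep signature 'blocksize:chunk1:chunk2' into its parts.
    chunk1 is computed at blocksize, chunk2 at twice the blocksize."""
    blocksize, chunk1, chunk2 = sig.split(":", 2)
    return int(blocksize), chunk1, chunk2


def longest_repeated_run(chunk: str, min_len: int = 7):
    """Longest substring that occurs at least twice in an ssdeep chunk, or None.
    ssdeep's own comparison only scores common substrings of 7+ characters,
    so shorter repeats are ignored by default."""
    for length in range(len(chunk) // 2, min_len - 1, -1):
        for i in range(len(chunk) - length + 1):
            sub = chunk[i:i + length]
            if chunk.find(sub, i + 1) != -1:
                return sub
    return None


if __name__ == "__main__":
    # Assumption: an optional path to a local copy of the sample; otherwise a
    # constructed placeholder is used so the script still runs offline.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"placeholder, not the sample"
    mismatched = verify(data, REPORT_HASHES)
    print("all report digests match" if not mismatched else f"mismatch: {mismatched}")
    bs, c1, c2 = parse_ssdeep(REPORT_SSDEEP)
    print(f"ssdeep blocksize={bs} chunk1 repeat={longest_repeated_run(c1)!r} "
          f"chunk2 repeat={longest_repeated_run(c2)!r}")
```

Check all four digests rather than only MD5 or SHA1: a copy that matches the MD5 and SHA1 but not the SHA256 has been tampered with or mislabelled somewhere along the way.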

Targets

    • Target

      8a3d12ea4f19d8ba71407adf6f92a840a3da4bd6445516505a497058896d7182

    • Size

      118KB

    • MD5

      5d734dc3eb946fd7a3197d16d4ae1afd

    • SHA1

      f080c20d63c32e3ad54c0fccf87ab1b5648a5762

    • SHA256

      8a3d12ea4f19d8ba71407adf6f92a840a3da4bd6445516505a497058896d7182

    • SHA512

      53073eaccc717475ef2f6737e2bfaaa79bc1be8c97f979d31ff16c1b192605e73acf4d6f9a0df86108908739aa098f78790e7ef4fc5daffb82dc1767fb256f42

    • SSDEEP

      3072:KQSohsUsxe+erZs1o8k1o83QSohsUsxe+erZs1o8k1o8H:KQSohsUsxe+ePQSohsUsxe+eP

    Score
    9/10
    • Renames multiple (4809) files with added filename extension

      Appending an extension to thousands of files in a single run is the characteristic footprint of ransomware encrypting the files on the system.

    • UPX dump on OEP (original entry point)

      The sandbox dumped the in-memory image once execution reached the original entry point, i.e. after the UPX stub finished unpacking.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Packing on its own is not a verdict; it is the combination with the mass rename, dropped executables and System32 writes above that drives the score.

    • Drops file in System32 directory
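The "renames multiple files with added filename extension" signature above is a behavioural heuristic, and it is worth seeing the logic spelled out. The following Python is an added example (not the sandbox's own signature code) that runs the same idea over constructed rename events: a rename counts only when the destination is the source file with exactly one extra extension appended in the same directory, counts are kept per process and per extension, and a process is flagged once it crosses a threshold. The event format, the pids and the ".locked" extension are all constructed for the example; the threshold of 10 is an assumption and the report's own count of 4809 is far above it.

```python
from collections import defaultdict
import os

# Constructed sandbox-style rename events (NOT taken from the report above).
# pid 1234 appends ".locked" to many user files; pid 77 does ordinary renames.
EVENTS = [
    {"pid": 1234, "image": "sample.exe",
     "src": "C:\\Users\\u\\Documents\\file%d.docx" % i,
     "dst": "C:\\Users\\u\\Documents\\file%d.docx.locked" % i}
    for i in range(12)
] + [
    {"pid": 1234, "image": "sample.exe",
     "src": "C:\\Users\\u\\Pictures\\a.jpg", "dst": "C:\\Users\\u\\Pictures\\a.jpg.locked"},
    {"pid": 77, "image": "explorer.exe",
     "src": "C:\\Users\\u\\Desktop\\draft.txt", "dst": "C:\\Users\\u\\Desktop\\final.txt"},
    {"pid": 77, "image": "explorer.exe",
     "src": "C:\\Users\\u\\Desktop\\report.doc", "dst": "C:\\Users\\u\\Desktop\\report.doc.bak"},
]


def added_extension(src: str, dst: str):
    """If dst is src with exactly one extra extension appended (same directory,
    same original name), return that extension, e.g. ".locked"; otherwise None.
    Windows paths are normalised to forward slashes so os.path.split works anywhere."""
    src_dir, src_name = os.path.split(src.replace("\\", "/"))
    dst_dir, dst_name = os.path.split(dst.replace("\\", "/"))
    if src_dir.lower() != dst_dir.lower():
        return None                      # moved, not renamed in place
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None                      # name changed, or nothing appended
    ext = dst_name[len(src_name):]
    # Exactly one ".xxx" appended; reject "file.docx." and "file.docx.a.b".
    return ext if ext.count(".") == 1 and len(ext) > 1 else None


def detect_mass_extension_rename(events, threshold=10):
    """Flag processes that append the same extension to at least `threshold` files.
    Returns {pid: (extension, count)} for every process over the threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    for ev in events:
        ext = added_extension(ev["src"], ev["dst"])
        if ext:
            counts[ev["pid"]][ext.lower()] += 1
    flagged = {}
    for pid, exts in counts.items():
        ext, n = max(exts.items(), key=lambda kv: kv[1])
        if n >= threshold:
            flagged[pid] = (ext, n)
    return flagged


if __name__ == "__main__":
    for pid, (ext, n) in detect_mass_extension_rename(EVENTS).items():
        print(f"pid {pid}: appended {ext!r} to {n} files (ransomware-like)")
```

Counting per extension rather than per process alone is what keeps a backup tool that adds ".bak" to a handful of files from tripping the rule, while a process that appends one new extension to hundreds or thousands of files is flagged regardless of what that extension is.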
