General
-
Target
f2b3c6d7549e216fe9e8fb517553a240N.exe
-
Size
64KB
-
Sample
240725-y37cgssdmp
-
MD5
f2b3c6d7549e216fe9e8fb517553a240
-
SHA1
c8c59541cc7bb898a6ca98e1bcf9981e1fb78ee4
-
SHA256
b29e8580734a462ecd1834e60e46a5276d5c58d65a89a43fd66e21373c7bc99a
-
SHA512
cd110e425299c12df33a94121cf3982d4a974145c11d1645b9c7cdf57c15c1fe2ff3e5dc386c73be1b0b51d14466c0059665396d9f985903df0b2ddb9339addd
-
SSDEEP
768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeIiKxP:CTWJGpG7TWJGpGjUpCUpS
Malware Config
Targets
-
-
Target
f2b3c6d7549e216fe9e8fb517553a240N.exe
-
Size
64KB
-
MD5
f2b3c6d7549e216fe9e8fb517553a240
-
SHA1
c8c59541cc7bb898a6ca98e1bcf9981e1fb78ee4
-
SHA256
b29e8580734a462ecd1834e60e46a5276d5c58d65a89a43fd66e21373c7bc99a
-
SHA512
cd110e425299c12df33a94121cf3982d4a974145c11d1645b9c7cdf57c15c1fe2ff3e5dc386c73be1b0b51d14466c0059665396d9f985903df0b2ddb9339addd
-
SSDEEP
768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeIiKxP:CTWJGpG7TWJGpGjUpCUpS
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Renames multiple (20393) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Impair Defenses
1Safe Mode Boot
1Modify Registry
3Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1