84687009a5881cfb01d7321ce57ed2fd28c4f7742678c8281d43f90bf2c0660d

Sharing

Copy URL

Twitter E-mail

General

Target

勒索12x 240726.rar
Size

100KB
Sample

240726-q8zktsvhme
MD5

2e061d79ccb09e656f6f7f7bad7d9071
SHA1

0a7db0a5d8073498a7768fd060575e41833f1061
SHA256

84687009a5881cfb01d7321ce57ed2fd28c4f7742678c8281d43f90bf2c0660d
SHA512

7c140a57d4acd30ba797cc4ad658d735e25c3a2179a14a389c59e34da0e83b81639c24a3387aa3310d41f61afb6290ae23bbc2ffc696a7f6930f8393146eac2e
SSDEEP

1536:FP6IJkQKZokRy3mdSGSzaZ+AFVzqUI+OXnhsuzeVTA34LjdsmUrYLP+vu4vSNGlf:RKq+6md/IacAVNYWMUsmUr+P+Vv8G

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  勒索12x 240726/1/19f80d6a588f3515d03eb9b8e0692baf1df7deeee827c2377e201ac0cadb78e4.exe
- Size
  
  18KB
- MD5
  
  01106a9779647bdd6b1cf425c36c53fc
- SHA1
  
  2a7adfbd4515c737858a0849302576421b186f33
- SHA256
  
  19f80d6a588f3515d03eb9b8e0692baf1df7deeee827c2377e201ac0cadb78e4
- SHA512
  
  2949a319be64da0a825008270daa47857cd8bed7b46afa3337bfc8a708a517784c06223d4b95f6e34878bc3273f13a0082b20df27eda526d2f2b71de74205a44
- SSDEEP
  
  384:0ZVL+cMdVyNq313v3U3BuBlgsshG4PLt:djQIl/E3sshGi
Score

5^/10
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  勒索12x 240726/1/5f34856bdbb5dae28dfa973096be5fe30b69227c676c667f7e37f6451439d11b.exe
- Size
  
  19KB
- MD5
  
  748f2510a5c15f07811891a010e24ba8
- SHA1
  
  f3496a96fa9eec32dee585b801e8ab2394a788a8
- SHA256
  
  5f34856bdbb5dae28dfa973096be5fe30b69227c676c667f7e37f6451439d11b
- SHA512
  
  7ed5695c81577a55f743cc97c9599137f1d922875745c6c9d16e3b726bba2d6b47b5330b98df99ccccc28f7065fc8ea0d6f5d2795e9b4e748f4b2c177269523b
- SSDEEP
  
  384:TzwwB8zNJNFz/fpfXMPfh+oOaB8BYsscKR4:fVKXflXWgoOXscKR4
Score

3^/10
behavioral3 behavioral4
- Target
  
  勒索12x 240726/1/9e98c9335528c966fbe9e11c53fdba7a7cd5c9760518df8e2563327f267ef813.exe
- Size
  
  19KB
- MD5
  
  5748b70d6f5bb5493c8feb5be989cb4a
- SHA1
  
  be2dfbb604f0e8fedc7baba45f2b57c036bcca09
- SHA256
  
  9e98c9335528c966fbe9e11c53fdba7a7cd5c9760518df8e2563327f267ef813
- SHA512
  
  1ada2ab320d1dd85e19e8a7cb599ba01156987288a0be845adf52f2784162ed4b3091a4f26b2ac8e6fb891a58d77798e32aac6e832875a2c8abb8690be2ac7b8
- SSDEEP
  
  384:HI7JwbID1RPaILma2Hx5TIVhOaB8BYXsAKRx:ohD1tbLmlDTWhOAsAKRx
Score

3^/10
behavioral5 behavioral6
- Target
  
  勒索12x 240726/1/b6a29f656a71657d48b6db75e9b929da8358bc937cdfee714fa4f6111f286488.exe
- Size
  
  19KB
- MD5
  
  5729ebeaacf1a715732a1df9eeefdc4a
- SHA1
  
  a3c331f0a986bda2a0b1a88d0167d70d2252d414
- SHA256
  
  b6a29f656a71657d48b6db75e9b929da8358bc937cdfee714fa4f6111f286488
- SHA512
  
  d1ba7122691174db6ae9e22b18247287b26b4c56486ba34b77ff56dcb32251845afe1774770adce67884cfc8d489504b533be7c882cb35c3de8fd037947f53eb
- SSDEEP
  
  384:b/wwN8zNJNFz/fpfXMPrh+oOaB8BYsscKRk:bVOXflXWkoOXscKRk
Score

3^/10
behavioral7 behavioral8
- Target
  
  勒索12x 240726/1/b7fb0600b6c1bd7c8adafc5a2f4e9dee0afe1a0a5c219e44dbe92fcb39ab6930.exe
- Size
  
  111KB
- MD5
  
  26a77ecd5cf48a570387f49a3915ea46
- SHA1
  
  944d362934f87254d32a6f370118af5b41b5eebc
- SHA256
  
  b7fb0600b6c1bd7c8adafc5a2f4e9dee0afe1a0a5c219e44dbe92fcb39ab6930
- SHA512
  
  e4d080bb86901f5954618319218a78e37824b6281468a8620be44ce83c2f2559dbc99acbf24db2a0802f8a82f9315dd5e3d596f235a7cde02862e40158efbab4
- SSDEEP
  
  3072:8Nxr4W396qI3szLyI2/B+d4WI/S81AaYmRl/jatN3:8j4SI3cg/BeGd1JatN3
Score

7^/10

discovery execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral10 behavioral9
- Target
  
  勒索12x 240726/1/e7f04f0ee06f2addd4f33ecddfd4981d5f7a05f0a596d02acb630cb5377beac0.exe
- Size
  
  19KB
- MD5
  
  f017de2a359a2993859c342757f6ab66
- SHA1
  
  5f8a9573823cd52614b337e1d2cd5e07796b7978
- SHA256
  
  e7f04f0ee06f2addd4f33ecddfd4981d5f7a05f0a596d02acb630cb5377beac0
- SHA512
  
  7b79e5c3dca730119519f6bd44fbe043fd2691b8e9738d054da87bf4eaad1aec43e2948659a702d1560fcf0b01344fcaf37db06a519f8cbe4c1c819d02b9de40
- SSDEEP
  
  384:Y/wwN8zNJNFz/fpfXMPth+oOaB8BYsscDRk:MVOXflXWeoOXscDRk
Score

3^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Checks computer location settings

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12