2c9f4b12528c5fe7f63dfd2726b7a4e2ad8d20040c4fa3c4c024cc88b5e84e06

Resubmissions

13-08-2024 12:55

240813-p5s37svarb 9

03-08-2024 05:56

240803-gng1lsvfnn 9

29-07-2024 17:59

240729-wkpzdawhlc 9

29-07-2024 13:14

240729-qg3heazdpj 9

Sharing

Copy URL

Twitter E-mail

General

Target

18408476645.zip
Size

91KB
Sample

240729-qg3heazdpj
MD5

e488d51793fec752a64b0834defb9d1d
SHA1

3941750c3a1565c766f26d9f480df70545652f50
SHA256

2c9f4b12528c5fe7f63dfd2726b7a4e2ad8d20040c4fa3c4c024cc88b5e84e06
SHA512

5d544bbba25a4abdd639e07d7a69f7e4b77b8300cb25145fb8abd5bb50588dd20537477744ee8b14d44e90144247e945114cf3bd16b425fbc00d6a84940f1ac2
SSDEEP

1536:4XTtCo2CDTGTy24UqVTBfLzYsmzl5SMaQMk8reCyKo8z5ke7+9U:4XGh8BfvYXu3qfK+e69U

Score

9^/10

Malware Config

Targets

- Target
  
  18408476645.zip
- Size
  
  91KB
- MD5
  
  e488d51793fec752a64b0834defb9d1d
- SHA1
  
  3941750c3a1565c766f26d9f480df70545652f50
- SHA256
  
  2c9f4b12528c5fe7f63dfd2726b7a4e2ad8d20040c4fa3c4c024cc88b5e84e06
- SHA512
  
  5d544bbba25a4abdd639e07d7a69f7e4b77b8300cb25145fb8abd5bb50588dd20537477744ee8b14d44e90144247e945114cf3bd16b425fbc00d6a84940f1ac2
- SSDEEP
  
  1536:4XTtCo2CDTGTy24UqVTBfLzYsmzl5SMaQMk8reCyKo8z5ke7+9U:4XGh8BfvYXu3qfK+e69U
Score

1^/10
behavioral1 behavioral2
- Target
  
  eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc
- Size
  
  162KB
- MD5
  
  7e851829ee37bc0cf65a268d1d1baa7a
- SHA1
  
  672553c79db2a3859a8ea216804d4ff8d2ded538
- SHA256
  
  eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc
- SHA512
  
  856c6d27669b3123064d85adbc119414f5418f80bbbc9f85f4575df97cf34d1f4ab96fab5442a337ac6a90c076ba5af835f5286cb403acfb3a1e4fc5d0834ebd
- SSDEEP
  
  3072:rjvNTtA6pzarOLgSua/iw6kzg3qe1PTjrnFFMVUT6tSTC6D1vtPR1DO66ddJpW3h:r72qe1PTjrnf/KMR1j6df01fiuAP3xFm
Score

9^/10

discovery ransomware credential_access stealer
- Renames multiple (386) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Windows Credential Manager

T1555.004

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Renames multiple (386) files with added filename extension

Credentials from Password Stores: Windows Credential Manager

Enumerates connected drives

Drops file in System32 directory

Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4