38c72ebde26a44e45e15ce77b1f5f069b31190d069923212e88df653c09e5690 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38c72ebde26a44e45e15ce77b1f5f069b31190d069923212e88df653c09e5690
Size

168KB
Sample

240802-zctt5sygll
MD5

087504cded1644c245e958341e10a92f
SHA1

a5137ff3feec5b3e0651649d5f17605d8b0f2987
SHA256

38c72ebde26a44e45e15ce77b1f5f069b31190d069923212e88df653c09e5690
SHA512

3c9722050eca59df58673f2a65053666e8c9536356f9fabda2d49946e79c8e700aaa2e45f0734d0e871ea0771cdf04896a4a417c527ecf2fc625e0832bda619d
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSWMe7WpMaxeb0CYJ97lEYNR73e+eBSWT:RqKvb0CYJ973e+eBS4qKvb0CYJ973e+S

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  38c72ebde26a44e45e15ce77b1f5f069b31190d069923212e88df653c09e5690
- Size
  
  168KB
- MD5
  
  087504cded1644c245e958341e10a92f
- SHA1
  
  a5137ff3feec5b3e0651649d5f17605d8b0f2987
- SHA256
  
  38c72ebde26a44e45e15ce77b1f5f069b31190d069923212e88df653c09e5690
- SHA512
  
  3c9722050eca59df58673f2a65053666e8c9536356f9fabda2d49946e79c8e700aaa2e45f0734d0e871ea0771cdf04896a4a417c527ecf2fc625e0832bda619d
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSWMe7WpMaxeb0CYJ97lEYNR73e+eBSWT:RqKvb0CYJ973e+eBS4qKvb0CYJ973e+S
Score

9^/10

discovery ransomware
- Renames multiple (4055) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware