Resubmissions

13-08-2024 12:55

240813-p5s37svarb 9

03-08-2024 05:56

240803-gng1lsvfnn 9

29-07-2024 17:59

240729-wkpzdawhlc 9

29-07-2024 13:14

240729-qg3heazdpj 9

General

  • Target

    18408476645.zip

  • Size

    91KB

  • Sample

    240803-gng1lsvfnn

  • MD5

    e488d51793fec752a64b0834defb9d1d

  • SHA1

    3941750c3a1565c766f26d9f480df70545652f50

  • SHA256

    2c9f4b12528c5fe7f63dfd2726b7a4e2ad8d20040c4fa3c4c024cc88b5e84e06

  • SHA512

    5d544bbba25a4abdd639e07d7a69f7e4b77b8300cb25145fb8abd5bb50588dd20537477744ee8b14d44e90144247e945114cf3bd16b425fbc00d6a84940f1ac2

  • SSDEEP

    1536:4XTtCo2CDTGTy24UqVTBfLzYsmzl5SMaQMk8reCyKo8z5ke7+9U:4XGh8BfvYXu3qfK+e69U

Malware Config

Targets

    • Target

      eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc

    • Size

      162KB

    • MD5

      7e851829ee37bc0cf65a268d1d1baa7a

    • SHA1

      672553c79db2a3859a8ea216804d4ff8d2ded538

    • SHA256

      eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc

    • SHA512

      856c6d27669b3123064d85adbc119414f5418f80bbbc9f85f4575df97cf34d1f4ab96fab5442a337ac6a90c076ba5af835f5286cb403acfb3a1e4fc5d0834ebd

    • SSDEEP

      3072:rjvNTtA6pzarOLgSua/iw6kzg3qe1PTjrnFFMVUT6tSTC6D1vtPR1DO66ddJpW3h:r72qe1PTjrnf/KMR1j6df01fiuAP3xFm

    • Renames multiple (404) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks