b87916c065155de71a35d26a0957f6b1d0423fdfc386499d382b83d1c4dcc49c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b87916c065155de71a35d26a0957f6b1d0423fdfc386499d382b83d1c4dcc49c
Size

155KB
Sample

240806-b81qkawapp
MD5

91a621e8b8a9e701f170edd813e728c9
SHA1

3c36703224366ee899b08ed410914df33ef70594
SHA256

b87916c065155de71a35d26a0957f6b1d0423fdfc386499d382b83d1c4dcc49c
SHA512

2b2ff72b1e5aec95c25bb291cc4f2370c930b6c3b72f38c5c1dff2fac635387a4a16941f1d87fc7357f72bbd03cdb981625a8045e6dcc8aa3b116e0053a0b647
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSRe7WpMaxeb0CYJ97lEYNR73e+eBS8:RqKvb0CYJ973e+eBS0qKvb0CYJ973e+A

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  b87916c065155de71a35d26a0957f6b1d0423fdfc386499d382b83d1c4dcc49c
- Size
  
  155KB
- MD5
  
  91a621e8b8a9e701f170edd813e728c9
- SHA1
  
  3c36703224366ee899b08ed410914df33ef70594
- SHA256
  
  b87916c065155de71a35d26a0957f6b1d0423fdfc386499d382b83d1c4dcc49c
- SHA512
  
  2b2ff72b1e5aec95c25bb291cc4f2370c930b6c3b72f38c5c1dff2fac635387a4a16941f1d87fc7357f72bbd03cdb981625a8045e6dcc8aa3b116e0053a0b647
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR73e+eBSRe7WpMaxeb0CYJ97lEYNR73e+eBS8:RqKvb0CYJ973e+eBS0qKvb0CYJ973e+A
Score

9^/10

discovery ransomware
- Renames multiple (4096) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware