19b334fff1cdd4beca44f6c5d4523733bc02c91082ce3315b65fa0ba99dd3b35 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19b334fff1cdd4beca44f6c5d4523733bc02c91082ce3315b65fa0ba99dd3b35
Size

70.4MB
Sample

240806-qkqm1stgqe
MD5

59cbc7d19ad3b31277130f40c9a4bf5e
SHA1

7fc7c5e0adae604d0ab272817d4c0c47031b85d5
SHA256

19b334fff1cdd4beca44f6c5d4523733bc02c91082ce3315b65fa0ba99dd3b35
SHA512

fdc541cb4c4a7386a7982184f25c2e61e88235052bcaab8c85305671ff8cf2b7e7ab8a410840e6123703cfe72022344d071fa9585045303730d0e4d2093b9ee2
SSDEEP

1572864:34gPXMojv8kWqiqxRCJY8EdyJX9FCwHVorZPLjKEpaMW59za07:34Ac7rqiqxRZ8p9Uw1q1LjEHzf7

Score

9^/10

discovery execution ransomware

Malware Config

Targets

- Target
  
  19b334fff1cdd4beca44f6c5d4523733bc02c91082ce3315b65fa0ba99dd3b35
- Size
  
  70.4MB
- MD5
  
  59cbc7d19ad3b31277130f40c9a4bf5e
- SHA1
  
  7fc7c5e0adae604d0ab272817d4c0c47031b85d5
- SHA256
  
  19b334fff1cdd4beca44f6c5d4523733bc02c91082ce3315b65fa0ba99dd3b35
- SHA512
  
  fdc541cb4c4a7386a7982184f25c2e61e88235052bcaab8c85305671ff8cf2b7e7ab8a410840e6123703cfe72022344d071fa9585045303730d0e4d2093b9ee2
- SSDEEP
  
  1572864:34gPXMojv8kWqiqxRCJY8EdyJX9FCwHVorZPLjKEpaMW59za07:34Ac7rqiqxRZ8p9Uw1q1LjEHzf7
Score

9^/10

discovery ransomware
- Renames multiple (230) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  resources/app.asar.unpacked/node_modules/uuid/dist/validate.js
- Size
  
  386B
- MD5
  
  f3a7e455690a980b18bedfe53560b6e7
- SHA1
  
  709016e24561ce187f887a1c6766e68514653584
- SHA256
  
  9a920509145d8a3e94e88247790e9db516b949cefa3032dc48ee9254ed975e8d
- SHA512
  
  f2d280f6d4941bb2a093fde559cf2a0addd80b21230b59edd7fd760d553a6597f031538ceebba5c4c43c367d8fb4f38b9cb0eae83ec1c7d6e15b2f506815e8ec
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  resources/app.asar.unpacked/node_modules/uuid/dist/version.js
- Size
  
  449B
- MD5
  
  eee6bf227e38e0b6104746652c7948a8
- SHA1
  
  a1a8cec22685dcaf6f2cb69b6922e8a679cb7bad
- SHA256
  
  8aafe5a328e940c625d6355c1fb0184efd64912e2b8ee65c0e25fe1f5c94d730
- SHA512
  
  35ab523a79f0474de02ed92306ba3585bfde5edda112ff731047879116d08de97fda59eaf0b84cf56806d1e3de9e1158b50289903e27f9960b4e3651604b4af1
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/index.js
- Size
  
  1KB
- MD5
  
  1fe0a7c54677438464e8bff640949070
- SHA1
  
  9aa8044a8d0136061d7cb7d6d941e85af6e7cff7
- SHA256
  
  65d3fa565a225f88f6ed6a5c090d6f3b0450cf2d47892dc49ba3faa7aaced25e
- SHA512
  
  ef3ae6a1fe9baad103a7eafa594a4072bbd512de6c47ec5c8f5d3aa71a0186f98d18b2888e76060ba11a8f143b8b08fc2cd65509df84b3322f2688b5e9447042
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/array.js
- Size
  
  1KB
- MD5
  
  6aab017689782568d7c904813a042acf
- SHA1
  
  dbffd73bf99cb6ecae275cc74dd7f31483c98f49
- SHA256
  
  12b4ef4db9509ac17bf835f9a05846d6822a0611aa4f61a23d6fc13010384a2e
- SHA512
  
  bf805337a7e9db9791494f1f520d816618fb53be085f159c159bdfc178c54140079311890e07af473e828e452273d582b1200a2dc7e7048d669e93e528fba737
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/bound.js
- Size
  
  824B
- MD5
  
  c3b851271ba244daf170e0516ea5ebe1
- SHA1
  
  047ea1a624a20c38913586b87eaf673a7e02b095
- SHA256
  
  88c9db1be9dd8f67f6d5688360a14d041dc4b2eee11575f100b510ec88631425
- SHA512
  
  55ea64698b48fac5bea09bb4dad3ba26012e5b2ce70615525570a73114534c8040d9678aa628332aba0eaba13e6b4662ad4cb7614b5fd5daa6ba6c28e88a5a44
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/buffer.js
- Size
  
  956B
- MD5
  
  bbbdcd7fcf00f97cf97b23eef8925cc5
- SHA1
  
  a04c1d676b92a93f3aba6bc72d7af6859d3e7573
- SHA256
  
  360478f1b5b97a9660a2e65303e427550435a3419a7f786603924a135c195682
- SHA512
  
  628a2534d9199f96ebfd5a89cdf429cd49cb758b28fa1af76b5a14cf8f3497ba50df1216e1967e5b1aa758b15ca3a6420a36ed8259806444fac9af10a22dedd5
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/numbers.js
- Size
  
  2KB
- MD5
  
  65f9f5f49372ed7c7e8f6d8709ee0d29
- SHA1
  
  a8f60531ce18a03c0298e5a4269f421dcd769b95
- SHA256
  
  cf74f8ab7648d3416b447867a04e9f2d6093d0bcdbbe4a36cd294c2c795d5218
- SHA512
  
  af7d8eebdf3ac3451844e0dea420f3bde3283ff9dd607ca1119e0c979e3da34ddc7020e5cb58c3dee4fe6aa15b303c014b6c0e4c6e94b7bb166ab8ceea44a474
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/object.js
- Size
  
  1KB
- MD5
  
  6c4292a38db1abb41c3438b98dc3ba6e
- SHA1
  
  88a1b04c8f49557d70b7004081cd096bc85a035e
- SHA256
  
  9eb597808fb2a95bff178fa4b741337fbb6ea8eb5adb610cd22f42aada816d5c
- SHA512
  
  4b505e9fa4968d0e2382757bdc8cc5bad7f689fae0dee91cea73ad40ef511ce335a2d242424c88575f7f86f89a0b1772ae10a3988af3e769ae37c848948c5269
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/sequence.js
- Size
  
  1KB
- MD5
  
  8b4441fefa19d9fdd635e59f8b6f9538
- SHA1
  
  f581e5241de082b0788aa5f79d12e74568970bde
- SHA256
  
  975c65a22aca52bc6a4629aaa0de42884ca08195a7dafe45874ed3b656de58da
- SHA512
  
  739b3cefad1e5045c47575b5a1fe642f064e03bd8fdace5e966e82d015109a1a7384cafdd7643704e76c6ef6062029e37849bf4fc689e74d517a2609a30d9bce
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/string.js
- Size
  
  707B
- MD5
  
  30fb63bbd745c18eca9bc9ee626c01a0
- SHA1
  
  3fa749709b2949bde3394641f2f96509b064c33f
- SHA256
  
  c4d44c325287a265c2419a7a203020f7fbbc0bb2e862ac48bfc3993c0fd54374
- SHA512
  
  26d66c18dd5ea0832f3f84296c5d9e035e8fdcda3f8c82100887c448ba651dfb879b8637248f867dfd223116a724d81f665c2f1cc8fb4aa6df0cdaa6c2f28741
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/vararray.js
- Size
  
  1KB
- MD5
  
  3a5e00cad334dc1aa0d701b992da038f
- SHA1
  
  ec3365b15a82292a183263b3f9f5aff10e71374b
- SHA256
  
  854f7561572a08c34c75e75e08ea0dbf889b825faab03a89ed6115bd0404a250
- SHA512
  
  8556c496a8a5c694acbc4c6be855a57a0577a2c2306fad0629b75ea0faf6aa9b8131878bbcc53fdb60ccfc05f9c3d7923816c4a88431f8e79735c8929374e8d4
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/varbuffer.js
- Size
  
  1KB
- MD5
  
  d754e361d71fa4ef1e8a14a7587d9096
- SHA1
  
  b040cfc3fd6ea71bde020bfb2a1c1ef8ab75a3cd
- SHA256
  
  a532021462ab0406cbdd7d3c2fb7a543870e4efc4dd9dfb77c6ab945a1f5ebdf
- SHA512
  
  925489c689dd29b05c68c657d0c67f41fb78fa399305a30532f4c2727c72d5f1e9227059b5662e5dee578e55c4f8bf85ed2c2dc1c95dea5f4238022d6368e4c3
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  resources/app.asar.unpacked/node_modules/varstruct/types/varstring.js
- Size
  
  1001B
- MD5
  
  db97e59fd56245330b524ae6dc86f686
- SHA1
  
  99edac816216a2dedacce8fc4d24eccc6cba2caf
- SHA256
  
  d0762b13ee90842d0dbb89ec08db96f9ed16c4a82c8e8a0851601a3424b3c84a
- SHA512
  
  5060daf97308628e07cbbed2fe86f92aebddcadfad2bbba0f50071c83f058485779ca7378934c28944d985e8fe160a6f5639091eb9c9feea70ceece9a66b7f48
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32