General
-
Target
danger.zip
-
Size
150KB
-
Sample
240807-a7ftbswbpn
-
MD5
9ebfe832029c90dbfa95b5edbf40c0bb
-
SHA1
0aa103c817a03cbd39473972490b06ef982cdbd7
-
SHA256
4c67e5fbf6064e76323c243ff39cc5595c69046552647c7cb41102c9fbae625c
-
SHA512
a30c17e9dc9905219b11b6f1e46e5b04eff69831bfd5996c1ef86e69970cbbf3aa2756c0d876a705f3565087f24ef8dafc6f22a81247782b4ac50bf2bf939ab1
-
SSDEEP
3072:mWlc0p+Hcmko7UaaQFP29ISax/SLUPgfey7r9e5JbAwSLyHlD:mWljycmk493t/SoPumJbSLW1
Malware Config
Targets
-
-
Target
78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
-
Size
205KB
-
MD5
887b35a87fb75e2d889694143e3c9014
-
SHA1
c8be4500127bfce10ab38152a8a5003b75613603
-
SHA256
78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae
-
SHA512
98cf0e201092e6d43a7ec5db4d80e6cc20ec9a983098b04597039b244535f78a4096b76bc62e591336b810fafa302e1009a64be6e788f24dcc8b3ac0c8eb930a
-
SSDEEP
3072:b2HPbwlPLBkWW+DrxsYwvif/Sx+YzM5ul7SaD82gHxoLoPTI1IL7vtJf:bYT0PLB3QNJz6uhbDju6c3LJl
Score9/10-
Renames multiple (301) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1