General

  • Target

    814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f.zip

  • Size

    454KB

  • Sample

    240807-b6mqxsxdkn

  • MD5

    b4846c3e7760fa7e3c6bb407dcc1324d

  • SHA1

    a7f24a1619f4aab759aee73cb78b22d289a663bd

  • SHA256

    2ddd54c5c3e3c5453b3818eff64f1cf3c207a3d2f3ef98bdf89f2c8998ac1ec1

  • SHA512

    550314da63b7e3ba11b22951edc62c22dc6f71d0e4e40206dcf65dd0b616f5aa66499665af00e298800d5d8ff2297f6ec7aa2040610674b3d72ec424e4c9a08b

  • SSDEEP

    12288:GU0xDYgNXcG3oPuZPyt5xbLhQIMOKDadu9oyzmzy6FZ:GU0hwPaPQXPhQAKB9P2y6FZ

Targets

    • Target

      814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f

    • Size

      1.0MB

    • MD5

      69a45130e5e5aadaae4f023c6ea37725

    • SHA1

      28e1f0d8e479597f4d7b20c43bc8044482ebbc74

    • SHA256

      814efbd86c0d4e11bfeb5b4bc06c1b6f378455837789637ce581b22777b3a81f

    • SHA512

      357f9b5aca858c8a77b124674c4469a760cf7db340263217d02787eebeccef3c2e13676a8fbe44336cee6b3d3ff189b12ee197f4da6584be0ec6b9cedd7dc807

    • SSDEEP

      24576:6QMc/LMx3+ZoXdEwZuS2+gYUdX4h3dHt:668uZoNEwBg3XSJ

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15