90caf076287a65fa20cf1f6944155b40d1cdc00add12500765cda339fefdcff2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72a55eb3903dc00f7cb81957e424e390N.exe
Size

139KB
Sample

240807-ghlrlssfql
MD5

72a55eb3903dc00f7cb81957e424e390
SHA1

4640a6cbf359d00f1a6a73e0422a2802f06f2448
SHA256

90caf076287a65fa20cf1f6944155b40d1cdc00add12500765cda339fefdcff2
SHA512

23d17e5b2eaa1880bfb1f1a9174c0391a4dfff414db1b492971e6119d2ca9fda910de07b496ac5c6783c197489e6ab0e6f8731437fcef4449a6e84b018e08057
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR7kzlSHe7WpMaxeb0CYJ97lEYNR7kzlSl:RqKvb0CYJ976qKvb0CYJ975

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  72a55eb3903dc00f7cb81957e424e390N.exe
- Size
  
  139KB
- MD5
  
  72a55eb3903dc00f7cb81957e424e390
- SHA1
  
  4640a6cbf359d00f1a6a73e0422a2802f06f2448
- SHA256
  
  90caf076287a65fa20cf1f6944155b40d1cdc00add12500765cda339fefdcff2
- SHA512
  
  23d17e5b2eaa1880bfb1f1a9174c0391a4dfff414db1b492971e6119d2ca9fda910de07b496ac5c6783c197489e6ab0e6f8731437fcef4449a6e84b018e08057
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR7kzlSHe7WpMaxeb0CYJ97lEYNR7kzlSl:RqKvb0CYJ976qKvb0CYJ975
Score

9^/10

discovery ransomware
- Renames multiple (3883) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware