5baa3cb6de66f52ff3e55198bcf319df6777e2a0cefc5132e359f7913dbc03d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5baa3cb6de66f52ff3e55198bcf319df6777e2a0cefc5132e359f7913dbc03d2
Size

174KB
Sample

240808-1m1wwatgrf
MD5

33afc20880a0f0877d50712bfa000b2c
SHA1

5b5b9f78af37c3bc6878464b91f09b4d5730c39b
SHA256

5baa3cb6de66f52ff3e55198bcf319df6777e2a0cefc5132e359f7913dbc03d2
SHA512

51632fb8f5c174df8c0f82854b56e39179252dd51085522d64614bdf1c37d5aee8a3c3925e455b5c6bfb954579e92b5ce7821383fc11b43b047b9fbc2c3081af
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB7:PqFF2Ie+eFYDLqFF2Ie+eFYDY

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  5baa3cb6de66f52ff3e55198bcf319df6777e2a0cefc5132e359f7913dbc03d2
- Size
  
  174KB
- MD5
  
  33afc20880a0f0877d50712bfa000b2c
- SHA1
  
  5b5b9f78af37c3bc6878464b91f09b4d5730c39b
- SHA256
  
  5baa3cb6de66f52ff3e55198bcf319df6777e2a0cefc5132e359f7913dbc03d2
- SHA512
  
  51632fb8f5c174df8c0f82854b56e39179252dd51085522d64614bdf1c37d5aee8a3c3925e455b5c6bfb954579e92b5ce7821383fc11b43b047b9fbc2c3081af
- SSDEEP
  
  3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB7:PqFF2Ie+eFYDLqFF2Ie+eFYDY
Score

9^/10

discovery ransomware
- Renames multiple (4603) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware