Overview
overview
10Static
static
10MailRanger...YZ.txt
windows10-2004-x64
1MailRanger...YZ.txt
windows11-21h2-x64
3MailRanger...er.exe
windows10-2004-x64
7MailRanger...er.exe
windows11-21h2-x64
7MailRanger.pyc
windows10-2004-x64
3MailRanger.pyc
windows11-21h2-x64
3MailRanger...te.exe
windows10-2004-x64
10MailRanger...te.exe
windows11-21h2-x64
10MailRanger...r2.ini
windows10-2004-x64
1MailRanger...r2.ini
windows11-21h2-x64
3MailRanger...!!.txt
windows10-2004-x64
1MailRanger...!!.txt
windows11-21h2-x64
3MailRanger/ServerList
windows10-2004-x64
1MailRanger/ServerList
windows11-21h2-x64
1MailRanger..._1.mp4
windows10-2004-x64
6MailRanger..._1.mp4
windows11-21h2-x64
6MailRanger...es.txt
windows10-2004-x64
1MailRanger...es.txt
windows11-21h2-x64
3Analysis
-
max time kernel
96s -
max time network
133s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
13-08-2024 21:06
Behavioral task
behavioral1
Sample
MailRanger/237K HQ Skull.XYZ.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
MailRanger/237K HQ Skull.XYZ.txt
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
MailRanger/MailRanger.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
MailRanger/MailRanger.exe
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
MailRanger.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
MailRanger.pyc
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
MailRanger/MailUpdate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
MailRanger/MailUpdate.exe
Resource
win11-20240802-en
Behavioral task
behavioral9
Sample
MailRanger/Mailranger2.ini
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
MailRanger/Mailranger2.ini
Resource
win11-20240802-en
Behavioral task
behavioral11
Sample
MailRanger/Przeczytaj!!!!.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
MailRanger/Przeczytaj!!!!.txt
Resource
win11-20240802-en
Behavioral task
behavioral13
Sample
MailRanger/ServerList
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
MailRanger/ServerList
Resource
win11-20240802-en
Behavioral task
behavioral15
Sample
MailRanger/how to mail_1.mp4
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
MailRanger/how to mail_1.mp4
Resource
win11-20240802-en
Behavioral task
behavioral17
Sample
MailRanger/socks4_proxies.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
MailRanger/socks4_proxies.txt
Resource
win11-20240802-en
General
-
Target
MailRanger/socks4_proxies.txt
-
Size
15KB
-
MD5
6e00109cfc1675d5de825f1b57f8f8ef
-
SHA1
d23c23d948f47d69fb298200bfcf6c8849d37488
-
SHA256
a003ef5204817b8c9249cdaa949aa87bdc55315afba57ec098cdee8c9870040d
-
SHA512
822de0e7281e4734a5297abb9eff77ef76e6e18cc93fb3edf556c9231b5608acbae20e44760dcaefb549944d13b62a446059f889e54de7fbc0428677d1be14aa
-
SSDEEP
192:cP3YMK5j88KaB+ZeQV7QA7mmrF0xpV96/Q56iDVx4y6siQJnTt0Oh8WCedl8QMH0:cPETy6D5pZzbxqr4
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings cmd.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 2712 NOTEPAD.EXE -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 1568 wrote to memory of 2712 1568 cmd.exe 83 PID 1568 wrote to memory of 2712 1568 cmd.exe 83
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\MailRanger\socks4_proxies.txt1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1568 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\MailRanger\socks4_proxies.txt2⤵
- Opens file in notepad (likely ransom note)
PID:2712
-