General
-
Target
Morgan.exe
-
Size
11KB
-
Sample
240820-nmn6vstamm
-
MD5
01caab63258fb65cb6a329bcfae7a697
-
SHA1
5e39a2080910eb773d052ca6d020ed0bf231fb96
-
SHA256
367d9dcd919816c6729d52094d945ecb4ab2bd5867074ca7b763b5b00d8e0b4e
-
SHA512
0499acf89ec3e0e0defffd02efbc1cc32f5bce17f54e849c8a8598eca7cf727f564a8c8ecd6a11a53af4d3d72cceea71dcd52f0449cfe1caf0b35d5b78e48564
-
SSDEEP
192:uQIIm/tv+vMEM1lIdoM5I0aTkuQthY8P7XYYsHQHrDkkCGmyGJVQ7eyWrl:fsgZWidD5mghY8P7oqHXaeGJV86r
Malware Config
Targets
-
-
Target
Morgan.exe
-
Size
11KB
-
MD5
01caab63258fb65cb6a329bcfae7a697
-
SHA1
5e39a2080910eb773d052ca6d020ed0bf231fb96
-
SHA256
367d9dcd919816c6729d52094d945ecb4ab2bd5867074ca7b763b5b00d8e0b4e
-
SHA512
0499acf89ec3e0e0defffd02efbc1cc32f5bce17f54e849c8a8598eca7cf727f564a8c8ecd6a11a53af4d3d72cceea71dcd52f0449cfe1caf0b35d5b78e48564
-
SSDEEP
192:uQIIm/tv+vMEM1lIdoM5I0aTkuQthY8P7XYYsHQHrDkkCGmyGJVQ7eyWrl:fsgZWidD5mghY8P7oqHXaeGJV86r
Score9/10-
Renames multiple (278) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Sets desktop wallpaper using registry
-