General
-
Target
a345d470738a428a10bf15194748beaa5627c75692d66d1016a01d30bc1cd5c0
-
Size
371KB
-
Sample
240909-rr4znasgjq
-
MD5
87d5535c6d94bef127f82f5fff6497bd
-
SHA1
a83ec32dfb1c590ebfd6e3233d81a0f3cbac0994
-
SHA256
a345d470738a428a10bf15194748beaa5627c75692d66d1016a01d30bc1cd5c0
-
SHA512
f37502876aaeaeb7b3e2e842485e7e00c6fcf5206824548970ec011a40f7303d8e48898069f36376dc92165f0652d4d890cc55cf46200af6191dc9598323bf65
-
SSDEEP
768:CU41Hv11ZX47nelShWFhdEod+QZnpLtx+:81HBoClShWFhdl+QdjQ
Malware Config
Targets
-
-
Target
a345d470738a428a10bf15194748beaa5627c75692d66d1016a01d30bc1cd5c0
-
Size
371KB
-
MD5
87d5535c6d94bef127f82f5fff6497bd
-
SHA1
a83ec32dfb1c590ebfd6e3233d81a0f3cbac0994
-
SHA256
a345d470738a428a10bf15194748beaa5627c75692d66d1016a01d30bc1cd5c0
-
SHA512
f37502876aaeaeb7b3e2e842485e7e00c6fcf5206824548970ec011a40f7303d8e48898069f36376dc92165f0652d4d890cc55cf46200af6191dc9598323bf65
-
SSDEEP
768:CU41Hv11ZX47nelShWFhdEod+QZnpLtx+:81HBoClShWFhdl+QdjQ
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8065) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1