General
Target: 35c73d9658cc6fd41a0f9b7902c134cd878a745a1b704b3b214b5be24ef0067e
Size: 122KB
Sample: 240911-y49t1a1cpm
MD5: 9cf983c54de50f8364394d1b90729aa5
SHA1: 3fd6195960d8c333e5388c54ba2417c0584f9fdd
SHA256: 35c73d9658cc6fd41a0f9b7902c134cd878a745a1b704b3b214b5be24ef0067e
SHA512: 887061272cf9a30bb04f168d63ea1d0c97ddea3c6ea5f3e1f791913bfc75266c5799cb6a05f32b4f0a07a13a57cf7c5a34462971de638ff5a9c3f9978334afa6
SSDEEP: 1536:wut769nQ3glQbFH2HXW5BUCuFwJbI+PoZS5Dw54WQ6DP31kzq2I//3yeE5JWYfLM:Ttm9n7QhTbnPoI4km26St/kjzMA
Static task: static1
Behavioral task: behavioral1
Sample: 35c73d9658cc6fd41a0f9b7902c134cd878a745a1b704b3b214b5be24ef0067e.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 35c73d9658cc6fd41a0f9b7902c134cd878a745a1b704b3b214b5be24ef0067e.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 35c73d9658cc6fd41a0f9b7902c134cd878a745a1b704b3b214b5be24ef0067e (122KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Modifies visibility of file extensions in Explorer
- Renames multiple (75) files with added filename extension
  Mass renaming of files with a common appended extension is characteristic of ransomware encrypting the files on the system.
- Checks computer location settings
  Reads the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
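The signatures above are terse names for behavioural heuristics. As an added worked example (not code from the sandbox or the report), the script below re-implements four of them over a constructed event log: the mass-rename heuristic that counts distinct files given the same appended extension, the HideFileExt registry change, Run-key persistence, and the country-code lookup. The event field names, the rename threshold of 20 and the Geo\Nation path used for the geofence check are assumptions; the HideFileExt and Run-key paths are the standard Explorer and autostart locations.

```python
"""Behavioural triage checks, as an added worked example.

Not code from the sandbox report: it re-implements, over a small constructed
event log, the four heuristics the report lists (mass rename with an appended
extension, HideFileExt change, Run-key persistence, country-code lookup).
Event field names and the rename threshold are assumptions; the registry
paths are the well-known Explorer/Run locations plus the Geo\\Nation value
such geofence signatures are assumed to watch.
"""
from collections import defaultdict

RENAME_THRESHOLD = 20  # assumed; the report fired at 75 renamed files

HIDE_FILE_EXT = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt"
RUN_KEY_PREFIXES = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" + "\\",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run" + "\\",
)
GEO_NATION = r"HKCU\Control Panel\International\Geo\Nation"  # assumed geofence source


def added_extension(src, dst):
    """Return the suffix appended to src if dst == src + '.<ext>', else None."""
    if dst.startswith(src + ".") and len(dst) > len(src) + 1:
        return dst[len(src):]
    return None


def analyse(events):
    """Walk the event list once and return the signature lines that fire."""
    findings = []
    renamed = defaultdict(set)  # appended extension -> original paths
    for ev in events:
        if ev["type"] == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                renamed[ext].add(ev["src"])
        elif ev["type"] == "reg_write":
            if ev["key"] == HIDE_FILE_EXT:
                findings.append(
                    f"Modifies visibility of file extensions in Explorer (HideFileExt={ev['data']})")
            elif ev["key"].startswith(RUN_KEY_PREFIXES):
                findings.append(f"Adds Run key to start application ({ev['data']})")
        elif ev["type"] == "reg_read" and ev["key"] == GEO_NATION:
            findings.append("Checks computer location settings")
    # One summary line per extension, only when enough distinct files were touched
    for ext, paths in sorted(renamed.items()):
        if len(paths) >= RENAME_THRESHOLD:
            findings.append(
                f"Renames multiple ({len(paths)}) files with added filename extension {ext}")
    return findings


# Constructed sample events (not captured from the sample): 25 user documents
# renamed with a common ".locked" suffix, one benign rename, and the registry
# writes/reads the report describes.
SAMPLE_EVENTS = [
    {"type": "file_rename",
     "src": rf"C:\Users\user\Documents\report{i}.docx",
     "dst": rf"C:\Users\user\Documents\report{i}.docx.locked"}
    for i in range(25)
] + [
    {"type": "file_rename", "src": r"C:\Temp\a.tmp", "dst": r"C:\Temp\a.txt"},
    {"type": "reg_write", "key": HIDE_FILE_EXT, "data": 1},
    {"type": "reg_write",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Windows\System32\updater.exe"},
    {"type": "reg_read", "key": GEO_NATION},
]

if __name__ == "__main__":
    for line in analyse(SAMPLE_EVENTS):
        print(line)
```

The rename heuristic keys on distinct original paths per appended extension rather than raw rename count, so a single file renamed back and forth does not trip it; the benign `.tmp` to `.txt` rename is ignored because the new name does not contain the old one as a prefix.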
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Hide Artifacts: 1
    Hidden Files and Directories: 1
  Impair Defenses: 1
    Disable or Modify Tools: 1
  Modify Registry: 4