beb875b59ba4e2cbb9583f8765a018c9207f2f7e2d5c580ac5b595ebcc52525d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beb875b59ba4e2cbb9583f8765a018c9207f2f7e2d5c580ac5b595ebcc52525dN
Size

194KB
Sample

240919-ex9qwa1apc
MD5

1057517ec53e90f7ea80ba73e97f1620
SHA1

e66eb9343a872a0d4ba89d250ae4351b1c02f7f2
SHA256

beb875b59ba4e2cbb9583f8765a018c9207f2f7e2d5c580ac5b595ebcc52525d
SHA512

0840bd7e35a9371aeb326642e82ec48e839577295261fd3447406e822a757cbc8a5a74e0a2703d666ae7d7c2a9fe416abeebf1e8b786ae482a07e67cca0e0309
SSDEEP

6144:RqlIyFESWu0SWuNSIJqlIyFESWu0SWuNSI0:tyD1yD0

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  beb875b59ba4e2cbb9583f8765a018c9207f2f7e2d5c580ac5b595ebcc52525dN
- Size
  
  194KB
- MD5
  
  1057517ec53e90f7ea80ba73e97f1620
- SHA1
  
  e66eb9343a872a0d4ba89d250ae4351b1c02f7f2
- SHA256
  
  beb875b59ba4e2cbb9583f8765a018c9207f2f7e2d5c580ac5b595ebcc52525d
- SHA512
  
  0840bd7e35a9371aeb326642e82ec48e839577295261fd3447406e822a757cbc8a5a74e0a2703d666ae7d7c2a9fe416abeebf1e8b786ae482a07e67cca0e0309
- SSDEEP
  
  6144:RqlIyFESWu0SWuNSIJqlIyFESWu0SWuNSI0:tyD1yD0
Score

9^/10

discovery ransomware
- Renames multiple (3516) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware