General
-
Target
5a4279f2e9db30729d1b26ca2325ca4e6fcbe2a4c54a1145f463a91a0fcab9c8
-
Size
210KB
-
Sample
240920-y1xp9swcmk
-
MD5
c230453585bac11b9b1236057959a373
-
SHA1
0fc40bdd398d3595b1bd027c7cffb22d9ab8325a
-
SHA256
5a4279f2e9db30729d1b26ca2325ca4e6fcbe2a4c54a1145f463a91a0fcab9c8
-
SHA512
03e8ce44f4194f22f2d0650f721900fc9567e8c32a071fd9c4062bb22559a892ec879aae9b737a5cd10933263f9bb3bd2a36b5c8885750b0c2ebf8d14fa90f08
-
SSDEEP
3072:6D3ZHz/kMhfXJsezq5hhAQwgmtdxxBG30kYhvvvvvvvjx2DAHD1v8S1QxA:2/ZXNWjm73o30fCOt
Malware Config
Targets
-
-
Target
5a4279f2e9db30729d1b26ca2325ca4e6fcbe2a4c54a1145f463a91a0fcab9c8
-
Size
210KB
-
MD5
c230453585bac11b9b1236057959a373
-
SHA1
0fc40bdd398d3595b1bd027c7cffb22d9ab8325a
-
SHA256
5a4279f2e9db30729d1b26ca2325ca4e6fcbe2a4c54a1145f463a91a0fcab9c8
-
SHA512
03e8ce44f4194f22f2d0650f721900fc9567e8c32a071fd9c4062bb22559a892ec879aae9b737a5cd10933263f9bb3bd2a36b5c8885750b0c2ebf8d14fa90f08
-
SSDEEP
3072:6D3ZHz/kMhfXJsezq5hhAQwgmtdxxBG30kYhvvvvvvvjx2DAHD1v8S1QxA:2/ZXNWjm73o30fCOt
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4