493d98aded51268bf459372ef3e7a513440c35b305bee3084424b90e70bef21f | Triage

Sharing

General

Target

493d98aded51268bf459372ef3e7a513440c35b305bee3084424b90e70bef21fN
Size

86KB
Sample

240921-eqgrhsvapq
MD5

9a8fe599ebb8256bea3892d9fdaccea0
SHA1

970ea0f9415b8df2d4ea3ef95d99fe21765fb9ea
SHA256

493d98aded51268bf459372ef3e7a513440c35b305bee3084424b90e70bef21f
SHA512

b441fe455a55bce6c656135b8768e0a10b55c080f8cdf61584e3b93daba6dbfa1360540cd744d4e9b7696cf8981712f8e00fee97860ebcccdde8d473c3137e77
SSDEEP

768:W7Blp2sspARFbhrYL7Blp2sspARFbhrYJSv:W7Z2sspApr07Z2sspAprASv

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  493d98aded51268bf459372ef3e7a513440c35b305bee3084424b90e70bef21fN
- Size
  
  86KB
- MD5
  
  9a8fe599ebb8256bea3892d9fdaccea0
- SHA1
  
  970ea0f9415b8df2d4ea3ef95d99fe21765fb9ea
- SHA256
  
  493d98aded51268bf459372ef3e7a513440c35b305bee3084424b90e70bef21f
- SHA512
  
  b441fe455a55bce6c656135b8768e0a10b55c080f8cdf61584e3b93daba6dbfa1360540cd744d4e9b7696cf8981712f8e00fee97860ebcccdde8d473c3137e77
- SSDEEP
  
  768:W7Blp2sspARFbhrYL7Blp2sspARFbhrYJSv:W7Z2sspApr07Z2sspAprASv
Score

9^/10

discovery ransomware
- Renames multiple (4448) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware