25efb49cd900199b9ba592f758ed9e2c0ccba1c1de5eb447693ef4f91fba7538 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25efb49cd900199b9ba592f758ed9e2c0ccba1c1de5eb447693ef4f91fba7538N
Size

179KB
Sample

240921-s28k9szdma
MD5

4eb5460f9dbc5793b01e3206efa47da0
SHA1

d80a4a411d3d06d4063a6472397ae5f4d075b35c
SHA256

25efb49cd900199b9ba592f758ed9e2c0ccba1c1de5eb447693ef4f91fba7538
SHA512

db2368d6fbebbe3059882b7114449730003426de34ca1396f9e631bc8846998b02b805e9d279acc758a6e2ff4f60ae656219dc350800f4db155b76ed451e5941
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggbmdG3mdGHOo7Z9pApQESOHepOHb:69WpQE0zxgV9WpQE0zxgb

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  25efb49cd900199b9ba592f758ed9e2c0ccba1c1de5eb447693ef4f91fba7538N
- Size
  
  179KB
- MD5
  
  4eb5460f9dbc5793b01e3206efa47da0
- SHA1
  
  d80a4a411d3d06d4063a6472397ae5f4d075b35c
- SHA256
  
  25efb49cd900199b9ba592f758ed9e2c0ccba1c1de5eb447693ef4f91fba7538
- SHA512
  
  db2368d6fbebbe3059882b7114449730003426de34ca1396f9e631bc8846998b02b805e9d279acc758a6e2ff4f60ae656219dc350800f4db155b76ed451e5941
- SSDEEP
  
  1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggbmdG3mdGHOo7Z9pApQESOHepOHb:69WpQE0zxgV9WpQE0zxgb
Score

9^/10

discovery ransomware
- Renames multiple (3527) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware