General

  • Target

    e6968939d7866526c8f2f891a48256f820a9e02ced58ab2b370e11d5a256872bN

  • Size

    69KB

  • Sample

    241005-zxyzlasfrm

  • MD5

    7caed4ba676b1b6ba581c0d68ccc1b40

  • SHA1

    652bb85d6725cf984a13457c4480440d57b1c368

  • SHA256

    e6968939d7866526c8f2f891a48256f820a9e02ced58ab2b370e11d5a256872b

  • SHA512

    e91909a6c471b9ded4a970d61b4aa791ba1edd3658e19e7e1a1b79822fc225f2285aef181eafda6375a3724e7cee66b51166c6bc0e0f773dafac2c81cf84c742

  • SSDEEP

    1536:CTW7JJZENTBHfiPjTW7JJZENTBHfiP8Y9Yu:htErtEPY7

Malware Config

Targets

    • Target

      e6968939d7866526c8f2f891a48256f820a9e02ced58ab2b370e11d5a256872bN

    • Size

      69KB

    • MD5

      7caed4ba676b1b6ba581c0d68ccc1b40

    • SHA1

      652bb85d6725cf984a13457c4480440d57b1c368

    • SHA256

      e6968939d7866526c8f2f891a48256f820a9e02ced58ab2b370e11d5a256872b

    • SHA512

      e91909a6c471b9ded4a970d61b4aa791ba1edd3658e19e7e1a1b79822fc225f2285aef181eafda6375a3724e7cee66b51166c6bc0e0f773dafac2c81cf84c742

    • SSDEEP

      1536:CTW7JJZENTBHfiPjTW7JJZENTBHfiP8Y9Yu:htErtEPY7

    • Renames multiple (3501) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks