c4e0df0c2f07223b4af20e8f051e3b95126a50359c445f759480795e237108b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4e0df0c2f07223b4af20e8f051e3b95126a50359c445f759480795e237108b2
Size

112KB
Sample

241006-csl3xavama
MD5

358c83452475ee6015411258e346f70c
SHA1

fed6bf5d239e6879c42a86fbdd906bc5e4cb3d00
SHA256

c4e0df0c2f07223b4af20e8f051e3b95126a50359c445f759480795e237108b2
SHA512

a6f7d29eb83c2203f534466eda011ee04ad4e91cbe0cb3256c88fd2169a50d20317c90156591921f3e019e0cbea93e0ac55d90aa32eb40d902a8267f99f14a7b
SSDEEP

1536:/7ZQpAplJwsJwwnEp9QKQa7ZQpAplJwsJwwnEp9QKQ7F1:9QWpjnZfeQWpjnZf7F1

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  c4e0df0c2f07223b4af20e8f051e3b95126a50359c445f759480795e237108b2
- Size
  
  112KB
- MD5
  
  358c83452475ee6015411258e346f70c
- SHA1
  
  fed6bf5d239e6879c42a86fbdd906bc5e4cb3d00
- SHA256
  
  c4e0df0c2f07223b4af20e8f051e3b95126a50359c445f759480795e237108b2
- SHA512
  
  a6f7d29eb83c2203f534466eda011ee04ad4e91cbe0cb3256c88fd2169a50d20317c90156591921f3e019e0cbea93e0ac55d90aa32eb40d902a8267f99f14a7b
- SSDEEP
  
  1536:/7ZQpAplJwsJwwnEp9QKQa7ZQpAplJwsJwwnEp9QKQ7F1:9QWpjnZfeQWpjnZf7F1
Score

9^/10

discovery ransomware
- Renames multiple (4452) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware