General

  • Target

    48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33.exe

  • Size

    9.0MB

  • Sample

    241006-jwjkhswbln

  • MD5

    889e6365d82a9a89b6c8c86d672b8f0c

  • SHA1

    59e293623e4fb828a29fb982d5ac9a4f993abc3b

  • SHA256

    48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33

  • SHA512

    cae479080f68f4f935a0694a5f948675c5c4be1a5dbcf437512af7f0ca801a129313daf915cefecbb62484b90c0579d1e50c9c4951bcc84dcdf5c814a8b231c0

  • SSDEEP

    24576:i09gMRNaC6s6Hp15O3N22845VjpQaRdQtzHmhwFb+a:nWAd6sQp15/VgV9RdQxHmhwFb+

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Renames multiple (194) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry