General

  • Target: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8.exe

  • Size: 20.3MB

  • Sample: 241006-jyts9szemd

  • MD5: 57e7e2151ac4443d3a30d61d4426428a

  • SHA1: b2adca307d1f5d1c92cfcdac269ccf269bd8155a

  • SHA256: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8

  • SHA512: 80059d4d6758ae455bb6dc249454e8ae02817e22818a5faf3187eb8e57ea7889aaac7ecafb39e212d5aac08b6f7c0ef1e85314d84679dbddb45d6862a71f4702

  • SSDEEP: 98304:l3sDoRRIfzszbsaX2gRZsn9nuzNexSpFEYD43v:aDoR+zszbsaX2gRZsn9nuUxSQY03v

Malware Config

Targets

    • Renames multiple (872) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks