General

  • Target

    b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72N

  • Size

    93KB

  • Sample

    241006-kfxb4szgrf

  • MD5

    97a110779bd4ef46c769942fcc8ce550

  • SHA1

    9d8a4bb7149dd594a43093fce59c79b97b894833

  • SHA256

    b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72

  • SHA512

    f0a6c33bb14a77023b218c81a7153a973f634281d662ae634f077e3102336f64f7cbe8a5f801a9c5d95c3484ce0e4c4832bf056821a408bf9df71937980cd73c

  • SSDEEP

    1536:pRpe57NPxRr7Xy/HdMJm4oFnYFKlOEYbilUCKk1dqDWCm8e6tu/xywhaoUTfcQ:ENLr7i/mFoFnYAclidxp8eSuDaozQ
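Added example (not part of the report): a small Python triage helper that recomputes the MD5, SHA1, SHA256 and SHA512 digests listed above for a file on disk and checks them against the reported indicators. Only the exact digests are compared; the SSDEEP fuzzy hash is not recomputed because it needs the third-party `ssdeep` package, and the size field is rounded in the report, so it is useful only as a sanity check. The function names and the `REPORTED` dictionary are this example's own; the digest values in it are copied from the report.

```python
import hashlib
from pathlib import Path

# Indicators copied from the report for sample b2c02d50479a...N (exact digests only).
REPORTED = {
    "md5": "97a110779bd4ef46c769942fcc8ce550",
    "sha1": "9d8a4bb7149dd594a43093fce59c79b97b894833",
    "sha256": "b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72",
    "sha512": (
        "f0a6c33bb14a77023b218c81a7153a973f634281d662ae634f077e3102336f64"
        "f7cbe8a5f801a9c5d95c3484ce0e4c4832bf056821a408bf9df71937980cd73c"
    ),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return the four digests the report lists for an in-memory blob, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hash objects (no full read into memory)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(Path(path), "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_indicators(observed: dict, reported: dict = REPORTED) -> dict:
    """Per-algorithm comparison of observed digests against the reported ones.

    A mismatch on any one algorithm means the file is not byte-for-byte the
    analysed sample (repacked, patched, or a different build), even if another
    algorithm happened to agree.
    """
    return {name: observed.get(name, "").lower() == value.lower()
            for name, value in reported.items()}


def is_reported_sample(observed: dict, reported: dict = REPORTED) -> bool:
    """True only when every listed digest matches."""
    return all(match_indicators(observed, reported).values())


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        result = match_indicators(digest_file(arg))
        print(arg, "MATCH" if all(result.values()) else "no match", result)
```

Run as `python3 check_hashes.py <file>`; the script prints which digests agree, so a partial match (for example a sample that was truncated during transfer) stands out.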

Targets

    • Renames multiple (175) files with added filename extension

      This suggests ransomware activity: the sample encrypts files on the system and appends an extension to each encrypted file's name.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
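Added example (not part of the report): detection logic for the first signature above, the burst of file renames that each append an extension. It runs over a constructed list of rename events of the kind a Sysmon or EDR file-rename feed would produce (timestamp, pid, old path, new path) and raises an alert when one process appends the same extension to at least `threshold` files within `window` seconds. The event schema, thresholds, paths and the `.locked` extension in the sample data are assumptions for the example; the report only states that 175 files were renamed.

```python
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class RenameEvent:
    ts: float        # event time in seconds
    pid: int         # renaming process
    old_path: str
    new_path: str


def appended_extension(old_path: str, new_path: str):
    """Return the extension appended if new == old + '.<ext>' in the same directory.

    A rename that changes the existing extension (report.tmp -> report.docx) or
    moves the file elsewhere returns None; only the 'keep the name, add a suffix'
    pattern typical of ransomware is matched.
    """
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    if old.parent != new.parent or not new.name.startswith(old.name):
        return None
    tail = new.name[len(old.name):]
    if len(tail) < 2 or not tail.startswith("."):
        return None
    return tail[1:].lower()


def detect_mass_rename(events, threshold: int = 20, window: float = 60.0):
    """Alert when one pid appends the same extension to >= threshold files within window seconds.

    Sliding window over the sorted timestamps per (pid, extension); the alert
    carries the total number of such renames seen for that pid and extension.
    """
    times_by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        ext = appended_extension(ev.old_path, ev.new_path)
        if ext:
            times_by_key[(ev.pid, ext)].append(ev.ts)

    alerts = []
    for (pid, ext), times in times_by_key.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"pid": pid, "ext": ext, "count": len(times),
                               "first_ts": times[start]})
                break
    return alerts


def constructed_events():
    """Constructed sample feed: one process renaming 25 documents, plus benign noise."""
    events = []
    for i in range(25):
        base = f"C:\\Users\\victim\\Documents\\doc{i}.docx"
        events.append(RenameEvent(ts=100.0 + i * 0.4, pid=4242,
                                  old_path=base, new_path=base + ".locked"))
    # Benign: an extension change, and a single backup-style rename (below threshold).
    events.append(RenameEvent(ts=105.0, pid=1000,
                              old_path="C:\\Users\\victim\\Desktop\\report.tmp",
                              new_path="C:\\Users\\victim\\Desktop\\report.docx"))
    events.append(RenameEvent(ts=106.0, pid=1000,
                              old_path="C:\\Users\\victim\\Desktop\\notes.txt",
                              new_path="C:\\Users\\victim\\Desktop\\notes.txt.bak"))
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(constructed_events()):
        print(alert)
```

The per-pid grouping matters: the "Executes dropped EXE" signature above means the renames may come from a child process rather than the original sample, so correlate the alerting pid back to its parent when triaging.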

MITRE ATT&CK Enterprise v15
