General

  • Target

    15dfab42bc789abd9035aa486bcd3f757b21f53f1758584fb890324f98c52420N

  • Size

    335KB

  • Sample

    241006-m97faavfqd

  • MD5

    418156eab2afbc8846182dce241b3bc0

  • SHA1

    790ea27b69b2a31c839cfe7854b6b7255701831f

  • SHA256

    15dfab42bc789abd9035aa486bcd3f757b21f53f1758584fb890324f98c52420

  • SHA512

    f10ddf9527325443e4b9707c128e036c26052dbeae1979afeda2032bd9f83cbfdc26644529de3783c3a250f365865987ae41b9f0bd91422d4b7065a901764c92

  • SSDEEP

    6144:JES9G+XfoMI4Th6wJHih08Yy1YGgriYxP5lVJpG0y8JMjF+qmHDcW3d:X9GSIyHuYy1HYxP5lPpJMjsHDcGd

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (83) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks