Resubmissions

10-10-2024 08:25

241010-kbaybasbja 10

10-10-2024 08:23

241010-kaceraxepp 10

General

  • Target

    222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853

  • Size

    224KB

  • Sample

    241010-kbaybasbja

  • MD5

    033acf3b0f699a39becdc71d3e2dddcc

  • SHA1

    5949c404aee552fc8ce29e3bf77bd08e54d37c59

  • SHA256

    222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853

  • SHA512

    604ba9e02ec18b8ad1005ec3d86970261925a1d2c198a975387beb62a9711012733b92e7641a5687af835cf1ddb5b6c6d732b33a12387a3a293ca08929f7fb50

  • SSDEEP

    3072:xtsD+K6k7UXP6ih6XULC9GHJkmm8GxTyPGryXdEekUuIiMi:4D+33P6Y6XGpY8G5yore3u5Mi
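
The hashes above are the report's file IOCs. The following is an added example, not part of the sandbox report or its tooling: it checks a suspect file against those values with all four cryptographic digests, reports when the IOC list is internally inconsistent, and parses the SSDEEP signature so the block size (3072 here) can be read off. The `triage`, `match_hashes` and `parse_ssdeep` names are my own, and the sample bytes at the bottom are constructed for the demo, so they are expected not to match.

```python
"""Check a suspect file against the hash IOCs listed in a sandbox report.

Added example; not code from the report or the sandbox. IOC values are copied
from the report. The bytes used at the bottom are a constructed stand-in, not
the real sample, so they are expected not to match.
"""
import hashlib

REPORT_IOCS = {
    "md5": "033acf3b0f699a39becdc71d3e2dddcc",
    "sha1": "5949c404aee552fc8ce29e3bf77bd08e54d37c59",
    "sha256": "222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853",
    "sha512": "604ba9e02ec18b8ad1005ec3d86970261925a1d2c198a975387beb62a9711012733b92e7641a5687af835cf1ddb5b6c6d732b33a12387a3a293ca08929f7fb50",
    "ssdeep": "3072:xtsD+K6k7UXP6ih6XULC9GHJkmm8GxTyPGryXdEekUuIiMi:4D+33P6Y6XGpY8G5yore3u5Mi",
}


def digests(data):
    """Lower-case hex digests of `data` under the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_hashes(data, iocs):
    """Per-algorithm match of `data` against the IOC set; hex is compared case-insensitively."""
    computed = digests(data)
    return {name: computed[name] == iocs[name].strip().lower() for name in computed}


def parse_ssdeep(sig):
    """Split an ssdeep signature into (block_size, hash_at_block_size, hash_at_2x_block_size).

    The three-field layout is ssdeep's own; any other shape is rejected rather than guessed at.
    """
    parts = sig.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep signature: {sig!r}")
    return int(parts[0]), parts[1], parts[2]


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only scores two signatures whose block sizes are equal or differ by exactly
    a factor of two; any other pair scores 0 regardless of content. This tells you whether
    a 0 from ssdeep means 'different' or merely 'incomparable'."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


def triage(data, iocs):
    """'match' if every cryptographic digest agrees, 'mismatch' if none does, and
    'inconsistent' if only some do (which means the IOC list itself is corrupt)."""
    hits = match_hashes(data, iocs)
    if all(hits.values()):
        return "match"
    if not any(hits.values()):
        return "mismatch"
    return "inconsistent"


if __name__ == "__main__":
    sample = b"constructed stand-in bytes, not the real 224KB sample"  # constructed input
    print(triage(sample, REPORT_IOCS), match_hashes(sample, REPORT_IOCS))
    print("ssdeep block size:", parse_ssdeep(REPORT_IOCS["ssdeep"])[0])
```

To use it on a real file, read the file as bytes and pass them to `triage`; a `mismatch` against all four digests is conclusive for an exact copy, while `ssdeep_comparable` only tells you whether a fuzzy comparison is even meaningful, not how similar the files are.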

Malware Config

Targets

    • Target

      222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853

    • Meow

      Ransomware that wipes unsecured databases, first seen in mid-2020.

    • Renames multiple (8026) files with added filename extension

      Mass renaming with an appended extension is consistent with ransomware encrypting the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and cookies.

    • Drops desktop.ini file(s)
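
The signatures above are the sandbox's verdicts on observed behaviour. The following is an added example, not the sandbox's own signature engine: it re-derives each of the behavioural signatures in this list (mass rename with an added extension, Credential Manager access, browser profile reads, Startup-folder drop, desktop.ini drop) from a stream of file-operation events. The event format (`op`, `path`, `new_path`), the rename threshold, the appended extension and every path in `constructed_events` are constructed for the demo and are not taken from the report.

```python
"""Re-derive the behavioural signatures of a sandbox report from raw file events.

Added example; not the sandbox's own logic. Event records, the `.locked`
extension and the threshold are constructed assumptions for the demo.
"""
import re
from collections import Counter

RENAME_THRESHOLD = 100  # assumption; the report itself counted 8026 renames

# Case-insensitive path fragments behind each signature (backslash-normalised).
CREDMAN_PATHS = ["\\microsoft\\credentials\\"]          # Windows Credential Manager vault files
BROWSER_PATHS = [
    "\\google\\chrome\\user data\\",   # Login Data, Cookies, Web Data live under here
    "\\microsoft\\edge\\user data\\",
    "\\mozilla\\firefox\\profiles\\",  # logins.json, key4.db, cookies.sqlite
]
STARTUP_PATHS = ["\\microsoft\\windows\\start menu\\programs\\startup\\"]


def norm(path):
    """Normalise a Windows path for matching: forward slashes to backslashes, lower-case."""
    return path.replace("/", "\\").lower()


def added_extension(old, new):
    """Return the appended extension when `new` is `old` plus exactly one more '.ext'
    (the rename pattern behind 'renames files with added filename extension'), else None."""
    o, n = norm(old), norm(new)
    if n.startswith(o) and re.fullmatch(r"\.[a-z0-9_-]+", n[len(o):]):
        return n[len(o):]
    return None


def _matches(events, op, fragments):
    return [e for e in events
            if e["op"] == op and any(f in norm(e["path"]) for f in fragments)]


def evaluate(events):
    """Return {signature_name: evidence} for every signature the events trigger."""
    sigs = {}

    # Mass rename: many files gaining the same new extension in one run.
    per_ext = Counter()
    for e in events:
        if e["op"] == "rename":
            ext = added_extension(e["path"], e["new_path"])
            if ext:
                per_ext[ext] += 1
    mass = {ext: n for ext, n in per_ext.items() if n >= RENAME_THRESHOLD}
    if mass:
        sigs["renames_files_with_added_extension"] = mass

    credman = _matches(events, "read", CREDMAN_PATHS)
    if credman:
        sigs["credential_manager_access"] = len(credman)

    browser = _matches(events, "read", BROWSER_PATHS)
    if browser:
        sigs["reads_browser_profile_data"] = len(browser)

    startup = _matches(events, "write", STARTUP_PATHS)
    if startup:
        sigs["drops_startup_file"] = [e["path"] for e in startup]

    ini = [e for e in events if e["op"] == "write" and norm(e["path"]).endswith("\\desktop.ini")]
    if ini:
        sigs["drops_desktop_ini"] = len(ini)

    return sigs


def constructed_events():
    """Constructed sandbox-style events (not from the report) that reproduce its signatures."""
    user = "C:\\Users\\victim"
    ev = []
    for i in range(150):  # 150 documents each renamed with the same appended suffix
        p = f"{user}\\Documents\\file{i}.docx"
        ev.append({"op": "rename", "path": p, "new_path": p + ".locked"})
    ev.append({"op": "rename", "path": f"{user}\\a.txt", "new_path": f"{user}\\b.txt"})  # ordinary rename
    ev.append({"op": "read", "path": f"{user}\\AppData\\Roaming\\Microsoft\\Credentials\\0123456789ABCDEF0123456789ABCDEF"})
    ev.append({"op": "read", "path": f"{user}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"})
    ev.append({"op": "write", "path": f"{user}\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe"})
    ev.append({"op": "write", "path": f"{user}\\Documents\\desktop.ini"})
    return ev


if __name__ == "__main__":
    for name, evidence in evaluate(constructed_events()).items():
        print(f"{name}: {evidence}")
```

The rename rule keys on the suffix being added rather than on any particular extension, so it also catches a sample that picks a different extension per run; the single ordinary rename in the constructed events is ignored because the new name is not the old name plus a suffix.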

MITRE ATT&CK Enterprise v15

Tasks