General

  • Target

    Optimizer.exe

  • Size

    2.3MB

  • Sample

    241011-1tl2aswcna

  • MD5

    be3acdfb13e900b494aff01ac2fe3f2b

  • SHA1

    26077a1d80d44ec2012d85c33a5593834bb41879

  • SHA256

    2839b3e6f7bd5b3f530c2c4283ca5b16f6231358660a3ac05066fd432eab9bc9

  • SHA512

    b76e0948ccd4073792de6406fe66c332d54c1d03bb5435a1594bc85f1a15a73c497ef47ff55e2c343f7f765ac3c75ba941e8f7705275e8740278797816b89b27

  • SSDEEP

    24576:Em/7qyOl3F46cUMO34u+EC8vJ6qWwiBjk38WuBcAbwoA/BkjSHXP36RMG:dzqyOl3F46cUuEC8vYqWwiCSA/Bkj0

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Disables use of System Restore points

    • Event Triggered Execution: Image File Execution Options Injection

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

MITRE ATT&CK Enterprise v15