General

  • Target

    9b2f11f46ae0b7bf3da9f91916552a201c67c2de48308af8d457c9779b771b90N

  • Size

    235KB

  • Sample

    241016-th1lzsybmg

  • MD5

    d2a889df2d7234b8ee9e5fd82e25a370

  • SHA1

    02073eefeecd47dbcd34f5f3ca853ce7c77657c9

  • SHA256

    9b2f11f46ae0b7bf3da9f91916552a201c67c2de48308af8d457c9779b771b90

  • SHA512

    78d6d7e902659fc0735d1527e2632a2681c3cdf751b0dcf326462cffeb5925ec183025e00e7464eb2d71d101f2793bf23119e18ea44aac0f89220fc21408589d

  • SSDEEP

    6144:QRdc/tjq8A2asMGjxxwo7c5qMPgaVxJbVa:QRl8Awt4F5qM4SJ8

Malware Config

Targets

    • Target

      9b2f11f46ae0b7bf3da9f91916552a201c67c2de48308af8d457c9779b771b90N

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (63) files with added filename extension

      This suggests ransomware activity: the sample appears to encrypt files on the system and append a new extension to each one.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory
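
Three of the signatures above (the hidden-extension change, the mass rename with an added extension, and the Run key persistence) can be reproduced as simple rules over a sandbox event trace. The script below is an added example written for this page, not the sandbox's own signature code. The event shape, the registry key names it matches on, the rename threshold and the sample events are all assumptions constructed for the example; the report fired at 63 renames, the example uses a threshold of 10.

```python
"""Re-implement three behavioural signatures from the report over a constructed event stream.

Added example, not the sandbox's own code. Events are dicts in an assumed shape:
  {"op": "rename", "src": <path>, "dst": <path>}
  {"op": "regset", "key": <registry key>, "value": <value name>, "data": <value data>}
"""
from collections import Counter

# Assumed registry locations: the per-user Run key and the Explorer setting that hides extensions.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
EXPLORER_ADVANCED_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RENAME_THRESHOLD = 10  # assumption for this example; the report above fired at 63 renames


def _norm(path):
    """Windows paths and key names are case-insensitive; compare them in one form."""
    return path.replace("/", "\\").lower()


def renamed_with_added_extension(events, threshold=RENAME_THRESHOLD):
    """Count renames where the new name is the old name plus ".<ext>" (original name and
    extension preserved). Returns (count, most common added extension) or None if under threshold."""
    added = Counter()
    for ev in events:
        if ev.get("op") != "rename":
            continue
        src, dst = _norm(ev["src"]), _norm(ev["dst"])
        if dst.startswith(src + ".") and len(dst) > len(src) + 1:
            added[dst[len(src):]] += 1
    total = sum(added.values())
    if total < threshold:
        return None
    ext, _ = added.most_common(1)[0]
    return total, ext


def run_key_entries(events):
    """Return (value name, command) pairs written under the per-user Run key."""
    return [(ev["value"], ev["data"]) for ev in events
            if ev.get("op") == "regset" and _norm(ev["key"]) == _norm(RUN_KEY)]


def hides_file_extensions(events):
    """True if HideFileExt was set to 1, so "invoice.pdf.exe" displays as "invoice.pdf"."""
    for ev in events:
        if (ev.get("op") == "regset"
                and _norm(ev["key"]) == _norm(EXPLORER_ADVANCED_KEY)
                and ev["value"].lower() == "hidefileext"
                and ev["data"] == 1):
            return True
    return False


def evaluate(events):
    """Return the names of the signatures that fire, using the report's wording."""
    fired = []
    if hides_file_extensions(events):
        fired.append("Modifies visibility of file extensions in Explorer")
    renames = renamed_with_added_extension(events)
    if renames:
        fired.append(f"Renames multiple ({renames[0]}) files with added filename extension")
    if run_key_entries(events):
        fired.append("Adds Run key to start application")
    return fired


def sample_events():
    """Constructed trace: 12 ransomware-style renames, one ordinary rename, two registry writes."""
    events = [{"op": "rename",
               "src": f"C:\\Users\\victim\\Documents\\report{i}.docx",
               "dst": f"C:\\Users\\victim\\Documents\\report{i}.docx.locked"}
              for i in range(12)]
    events.append({"op": "rename", "src": r"C:\Users\victim\Desktop\old.txt",
                   "dst": r"C:\Users\victim\Desktop\new.txt"})  # not an added extension
    events.append({"op": "regset", "key": EXPLORER_ADVANCED_KEY, "value": "HideFileExt", "data": 1})
    events.append({"op": "regset", "key": RUN_KEY, "value": "svchost",
                   "data": r"C:\Windows\System32\drop.exe"})  # hypothetical dropped binary
    return events


if __name__ == "__main__":
    for name in evaluate(sample_events()):
        print(name)
```

The rename rule deliberately requires the original name to survive as a prefix: a legitimate program that renames `old.txt` to `new.txt` does not count, while `report.docx` becoming `report.docx.locked` does. Running it over the constructed events fires all three signatures, with the rename count at 12.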

MITRE ATT&CK Enterprise v15

Tasks