General

  • Target

    929b943716839f0757696c2314f34f62c2c0212220d6d3d35e813cd6d14637d9N

  • Size

    5.7MB

  • Sample

    241016-vkfj9s1bpf

  • MD5

    f69f1e83a0eb6553118f80754f0a1ec0

  • SHA1

    a20e4da9f93b8e912ac56ee6faf5141e16510d0a

  • SHA256

    929b943716839f0757696c2314f34f62c2c0212220d6d3d35e813cd6d14637d9

  • SHA512

    90fd702ffbfa4a96e90ef3354759a854de30ef0ed130d390bbc33bdea7e2130753c990319f89fac4d62ac61b9ebdb13448a79c79c31af686e1bf79a3430b577d

  • SSDEEP

    12288:zMMpXKb0hNGh1kG0HWNAuCsltHlYzO0i05/KUC:zMMpXS0hN0V0HDIHy/ii/I

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks