General

  • Target

    39147e74a00930d51308c92c44649dca94328d34c65808472f0f791aec6f4135

  • Size

    118KB

  • Sample

    241016-ysrjaazcnd

  • MD5

    3babef9db1a07b08defb5b976ed0778a

  • SHA1

    f92eb780c6169fe4eec3657acaa695c15e9fa95c

  • SHA256

    39147e74a00930d51308c92c44649dca94328d34c65808472f0f791aec6f4135

  • SHA512

    9982ec42b9d63a9561c1ae563f07ccb8d4886c07a1839231e7777901b05375a15e596257318c69e26b8368c37541b7a0bce0847224dbbf69fa1b461516cbdcdc

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TUcdb7Zf/FAxTWoJJ7TUcdAWw:fny1oIny1oD

Malware Config

Targets

    • Renames multiple (4789) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks