General

  • Target

    157f985c23bf27d9e945e9cd187c4c29aa96772a9203a66bf6ae2a624797e36eN

  • Size

    114KB

  • Sample

    241017-2zkwvs1gpd

  • MD5

    2d963d84cf1785c2e2cc7ec872946df0

  • SHA1

    5173a3cf607c831438887ef1dbac885eef8de7ff

  • SHA256

    157f985c23bf27d9e945e9cd187c4c29aa96772a9203a66bf6ae2a624797e36e

  • SHA512

    75c1c6ff1f4966f547fe444958136807d611d62c08b8a97a768e0a0aaf61424adbd36fa176c0558d0a1975ea19680203077f15a555f0f75befbf186f54936728

  • SSDEEP

    1536:VdcYrDb6/Wy5DYw/C0S66DPaVot3p60YMenW9UncLHH5pBiHazsaeM:VdcYTOP5DYw81t3YMlZHH5V

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (84) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (avoiding execution in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks