General

  • Target

    04eec1936a56eb9d20246f1ca4646b314af42afe13be8111d54fb64b8f069261N

  • Size

    118KB

  • Sample

    241018-ayzj3sydlr

  • MD5

    4555c1a5bcf0854f48bfe67913cb9e60

  • SHA1

    a3cc6737c27b31b8e10f35dd2906c63a71024fa2

  • SHA256

    04eec1936a56eb9d20246f1ca4646b314af42afe13be8111d54fb64b8f069261

  • SHA512

    149de3afab6db378bdfcd2319ea9401ee35e681a4808ebc6d15b5b5486f4e22f83e174123f0f3a4b36472abaa880fc6752e7f88bacda8fe48283a1e9727d7678

  • SSDEEP

    3072:+X23QpquDT2cWo3Ow3IQPIz3plA7hCQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe:r3FuX2cNIweDflUi

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (80) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks