General

  • Target

    f064fdae90eb08725d31f45ce5a841f100dccb69f2e86aade60caacc5e00357f

  • Size

    597KB

  • Sample

    241018-e6am5szhjq

  • MD5

    8a170916829e7dc5050e01239295816b

  • SHA1

    88b9122b48fb978ccd68b6307b611efee825a4e5

  • SHA256

    f064fdae90eb08725d31f45ce5a841f100dccb69f2e86aade60caacc5e00357f

  • SHA512

    f33c72df1811caaff95a8999aef9b30b13e84320acc8a69f5a201a7df84f70f246b71335d1ca41e147b0c515444037c6607ad9a2f3af2a8fb54971fc6249f154

  • SSDEEP

    12288:huRLcoPCD0topDwCI6IKbEQs2SHXoBGWwDd0qRsfffGLjCTNcp:yLcoPC0GpU6IKbEQs2SEXqRs3UCZ4

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory
