General

  • Target

    windows.zip

  • Size

    87KB

  • Sample

    241018-fbt9qs1bpm

  • MD5

    6cecebc76efd45fcfa7cfbec5f383150

  • SHA1

    aa6808022d241e61c0571b428763d5ad8ca81918

  • SHA256

    f9bb467ddbc18aba13667abe99d2289d7c799c289aae1158e8f7460531bd56b7

  • SHA512

    bb48ae282f51ef2d9361abc99841fac73124a1dd9bf1c8ffec2f44ce0ef40a0191da9ee630a05a82a1856d81a5f9f4bd9b06a8075efa0edaeb38692c1b9f9fd1

  • SSDEEP

    1536:+EI0PWCSnmVULuvvUGaefV0fRNggB1h0h8rrUdA0laGqMJ+5cA4HYzbP00lh:+pGNQLuvsGaK0ZNgo88rodA0laGqMo5b

Malware Config

Targets

    • Target

      windows.exe

    • Size

      165KB

    • MD5

      31a77e0d1c1b91eebec1f7cdcc1ab8b8

    • SHA1

      6732c71c51a2ad68771984231f696f6e46708297

    • SHA256

      d5ca3e0e25d768769e4afda209aca1f563768dae79571a38e3070428f8adf031

    • SHA512

      a984d9ca1a618699557e3180f56e73904322ad1f31183b0553b1e4c3ff367a1d036ce9df8025195b87fadb163a67d26d7904ed943aff1860a232d19b3dcc6cd3

    • SSDEEP

      3072:wDv9ttA6pzarOLgSua/iw6kzgEloCGfq3lBxpN6bF9z1jTJ6NCFWQIZrV08JuuGs:wbloCGYlBxpNAFDMCFWTZrW8NGh0X++j

    • Renames multiple (382) files with added filename extension

      Ransomware typically encrypts each file and writes it back under the original name with an extra extension appended. 382 such renames in one run strongly suggests the sample is encrypting user files across the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, which is consistent with a ransomware sample looking for additional volumes to encrypt.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      Writes the wallpaper value under the user's Control Panel\Desktop registry key, a common way for ransomware to display a ransom note.
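As an added example, and not code from the report or from the sandbox's own signature engine, the following Python re-implements three of the behavioural checks listed above (mass rename with an appended extension, enumeration of non-C: drive roots, and wallpaper set via the registry) over a constructed list of events, and also checks a file's SHA256 against the hashes in this report. The event record shape, the field names, the sample events and the rename threshold are all assumptions made for the example; the real sandbox schema and threshold are not shown on this page.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

# SHA256 values copied from the report above (submitted archive and extracted executable).
KNOWN_SHA256 = {
    "f9bb467ddbc18aba13667abe99d2289d7c799c289aae1158e8f7460531bd56b7": "windows.zip",
    "d5ca3e0e25d768769e4afda209aca1f563768dae79571a38e3070428f8adf031": "windows.exe",
}


def identify_sample(data: bytes) -> Optional[str]:
    """Return the report's target name if `data` hashes to one of its SHA256 values, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed sample events in a simplified, hypothetical shape (NOT the sandbox's real schema).
SAMPLE_EVENTS = [
    {"op": "rename", "src": r"C:\Users\victim\Documents\q3.xlsx", "dst": r"C:\Users\victim\Documents\q3.xlsx.locked"},
    {"op": "rename", "src": r"C:\Users\victim\Pictures\cat.jpg", "dst": r"C:\Users\victim\Pictures\cat.jpg.locked"},
    {"op": "rename", "src": r"C:\Users\victim\Desktop\notes.txt", "dst": r"C:\Users\victim\Desktop\notes.txt.locked"},
    {"op": "rename", "src": r"C:\Temp\build.tmp", "dst": r"C:\Temp\build.log"},  # benign: extension replaced, not added
    {"op": "open", "path": "C:\\"},
    {"op": "open", "path": "D:\\"},
    {"op": "open", "path": "E:\\"},
    {"op": "regset", "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper", "data": r"C:\Users\victim\README.bmp"},
]

DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")


def renamed_with_added_extension(events: Iterable[dict]) -> List[Tuple[str, str]]:
    """Renames where the destination is the source path plus '.<something>' (Windows paths, case-insensitive)."""
    hits = []
    for e in events:
        if e["op"] != "rename":
            continue
        src, dst = e["src"], e["dst"]
        suffix = dst[len(src):]
        if dst.lower().startswith(src.lower()) and suffix.startswith(".") and len(suffix) > 1:
            hits.append((src, dst))
    return hits


def non_system_drive_roots(events: Iterable[dict]) -> Set[str]:
    """Drive roots (e.g. 'D:\\') the sample opened, excluding the default C: drive."""
    roots = set()
    for e in events:
        if e["op"] != "open":
            continue
        m = DRIVE_ROOT.match(e["path"])
        if m and m.group(1).upper() != "C":
            roots.add(m.group(1).upper() + ":\\")
    return roots


def sets_wallpaper_via_registry(events: Iterable[dict]) -> bool:
    """True if any registry write targets the per-user Control Panel\\Desktop\\Wallpaper value."""
    return any(
        e["op"] == "regset"
        and e["key"].lower().endswith(r"control panel\desktop")
        and e["value"].lower() == "wallpaper"
        for e in events
    )


def evaluate(events: List[dict], rename_threshold: int = 3) -> Dict[str, object]:
    """Summarise the three checks. The threshold is an assumption; the report only states 382 renames fired."""
    renames = renamed_with_added_extension(events)
    drives = non_system_drive_roots(events)
    return {
        "mass_rename_added_extension": len(renames) >= rename_threshold,
        "renamed_count": len(renames),
        "added_extensions": sorted({d[len(s):] for s, d in renames}),
        "enumerates_other_drives": bool(drives),
        "other_drives": sorted(drives),
        "sets_wallpaper": sets_wallpaper_via_registry(events),
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))
```

The rename check deliberately ignores renames that replace an extension (the constructed `build.tmp` to `build.log` event) so that ordinary build or temp-file churn does not trip the heuristic; only a path that keeps its full original name and gains a trailing `.ext` counts, which is the pattern the "added filename extension" signature describes.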

MITRE ATT&CK Enterprise v15
