General

  • Target

    178abece6d823ce92f74adcf1523a603de00e7e1bb7917abc1fc17edab1bcd33N

  • Size

    118KB

  • Sample

    241018-g9rryasdjc

  • MD5

    64f28a1632484ea621ef55f9a8959630

  • SHA1

    72d112d958adc79c740f508653bb1aba065adfb3

  • SHA256

    178abece6d823ce92f74adcf1523a603de00e7e1bb7917abc1fc17edab1bcd33

  • SHA512

    527af51891747d6fab55bee9b687b31363f89a26298db0e3e0ecc556c543687fd39126cdd1c6a23311256224844229a0e8aae36258dad9b47ef8ba12f213dd35

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TUcd77Zf/FAxTWoJJ7TUcdT:fny1oQny1oW

Malware Config

Targets

    • Renames multiple (4160) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks