General

  • Target

    a700d7d5e5118b1b2276ebfa7efa34d9b325b68a68f6c4f5cd920b09fc2fad78N

  • Size

    194KB

  • Sample

    241019-1n33ma1cjd

  • MD5

    3474d1143dcc52e32b6a31d3c94ff060

  • SHA1

    7dc374e47e2b070a5554a075986d8929ac28b268

  • SHA256

    a700d7d5e5118b1b2276ebfa7efa34d9b325b68a68f6c4f5cd920b09fc2fad78

  • SHA512

    a6c91239990141e2ef0184a08d68851b28981450a9ebf6a876ad862b0049b2e3ff11c23d34535a2a17eb06502975d9982a921bca08786fc5135b3c449372ea02

  • SSDEEP

    3072:TZV4fto27ob/QofgTwba+mvVZDysWvUhWp17hxvlmuuOX7uA97:TvBgob/QoBcVZuRUYhxsuT7uAp

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (53) files with an added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory
