General

  • Target

    f1a47b64d55be8af465cb9614833cd4d85698bc8186cf00143133147ce822a27N

  • Size

    2.1MB

  • Sample

    241019-2zg5zavajd

  • MD5

    9ef05474963ac2163b3fd86c64ed7110

  • SHA1

    47d25c1e8ede2fb2cc7c88e5d22182969aedc58a

  • SHA256

    f1a47b64d55be8af465cb9614833cd4d85698bc8186cf00143133147ce822a27

  • SHA512

    31da3f6f48a5434abdc530bcc2c20b1f62784c48a0a075fb51bd4bc6f73e5e6feaca690fe3bbabf8d3627c59fcefcbaa209f24a1aecc205b5b91e922c44b4427

  • SSDEEP

    49152:9mHMJuQ9mhkjgMj7SwYfy3V8VD01yPiI4cCd2ilpXHJT8mpaZQWnqqr9wJI6S7RW:Anq29lFHon9X5Iddq41Lxry

Malware Config

Targets

    • Target

      f1a47b64d55be8af465cb9614833cd4d85698bc8186cf00143133147ce822a27N

    • Size

      2.1MB

    • MD5

      9ef05474963ac2163b3fd86c64ed7110

    • SHA1

      47d25c1e8ede2fb2cc7c88e5d22182969aedc58a

    • SHA256

      f1a47b64d55be8af465cb9614833cd4d85698bc8186cf00143133147ce822a27

    • SHA512

      31da3f6f48a5434abdc530bcc2c20b1f62784c48a0a075fb51bd4bc6f73e5e6feaca690fe3bbabf8d3627c59fcefcbaa209f24a1aecc205b5b91e922c44b4427

    • SSDEEP

      49152:9mHMJuQ9mhkjgMj7SwYfy3V8VD01yPiI4cCd2ilpXHJT8mpaZQWnqqr9wJI6S7RW:Anq29lFHon9X5Iddq41Lxry

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks