General

  • Target: 8615704a3f4fe08fe67546a2a9efa2846a4692db1e2d25316ad6461dcaef6833

  • Size: 3.5MB

  • Sample: 241019-3c1jgavgkf

  • MD5: 1a2c6af6c5125c50a65b0f54e1bd44c3

  • SHA1: 590721a609cb9913f42c844752ff5baa37098db5

  • SHA256: 8615704a3f4fe08fe67546a2a9efa2846a4692db1e2d25316ad6461dcaef6833

  • SHA512: 6ea4066abe239dc32049e30a323fab6916c36d6ce41e776ef8029fe3e61a377b062d1fbfa3dd9058d1f4cf52fbc05593691fbc3642e8b772d62ee092d0331c6c

  • SSDEEP: 49152:9INGhy6EqNZcBpeapeApIDn0apLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjv:Zv/LK3BDhtvS0Hpe4zbpaAKL

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
