General

  • Target

    501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45

  • Size

    93KB

  • Sample

    241019-zyacma1cll

  • MD5

    70501eaba6942d8645bdbcc75f971112

  • SHA1

    15be29066da06b3d2e7e771afb1ffb637d966987

  • SHA256

    501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45

  • SHA512

    999c020d80f6bbe99399218afcc68d9a9e43fd8896e6b87a39982b64ab97ce258bff1119468e2a1434c9e3d0406a24bf8b3e089ab26436581fb3b6b6e227cfa0

  • SSDEEP

    1536:M7qnkAQtSaoGo5n7iLG0/WM6HzNHSaYqezDjxoR0s0QemQfGx8Ni:FCSjGoupWM6Tb8DjxoFeXGe4

Targets

    • Renames multiple (175) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
