General

  • Target

    c6aa6d2b067ac135a5b99d1943cf7e5196c8f30846cac76675c541bfb0313377N

  • Size

    162KB

  • Sample

    241020-f5d5lstcqr

  • MD5

    c33d9473f5abcb42d518f5bffc1b7fc0

  • SHA1

    2a6fed08609f56452b938488dfe7a326d1f29201

  • SHA256

    c6aa6d2b067ac135a5b99d1943cf7e5196c8f30846cac76675c541bfb0313377

  • SHA512

    38adce396a712b62ec9abc3fc37c6db352b312098743990ba901cc379f238bd24cc3a759f83ab7ea15099e5317f8b11ed71928ed9f494a1a4a37d0ec7a6aff6e

  • SSDEEP

    3072:DCkWF9W5Y827CiELVjaxZUwOObjEH57v7ZH787Lm1jXvA6l01F4OgBjHm+EDFRC0:09eyGFaxZUwO6EH57v7ZH787Lm1jXvA3

Malware Config

Targets

    • Target

      c6aa6d2b067ac135a5b99d1943cf7e5196c8f30846cac76675c541bfb0313377N

    • Size

      162KB

    • MD5

      c33d9473f5abcb42d518f5bffc1b7fc0

    • SHA1

      2a6fed08609f56452b938488dfe7a326d1f29201

    • SHA256

      c6aa6d2b067ac135a5b99d1943cf7e5196c8f30846cac76675c541bfb0313377

    • SHA512

      38adce396a712b62ec9abc3fc37c6db352b312098743990ba901cc379f238bd24cc3a759f83ab7ea15099e5317f8b11ed71928ed9f494a1a4a37d0ec7a6aff6e

    • SSDEEP

      3072:DCkWF9W5Y827CiELVjaxZUwOObjEH57v7ZH787Lm1jXvA6l01F4OgBjHm+EDFRC0:09eyGFaxZUwO6EH57v7ZH787Lm1jXvA3

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (78) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks