General

  • Target

    23d8e640ccda56ac494dd42918728cec494ebfe12af9470f2e4e698114051ce8N

  • Size

    120KB

  • Sample

    241020-hdnabathjg

  • MD5

    88d89dca98ad83466cd33d659f1f7650

  • SHA1

    81f1a622cc743174cd818d90d801743eba174160

  • SHA256

    23d8e640ccda56ac494dd42918728cec494ebfe12af9470f2e4e698114051ce8

  • SHA512

    13de6cb56bd6f2f6fa19adf684506a170a9d3898da4560bc7f3a6ab8232527fca867fcd572313601251f58b70fd0379b8ee6b469f6a6a1e27f67c6a9a5326e34

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TUcdq7Zf/FAxTWoJJ7TUcdNwA:fny1obny1owwA

Targets

    • Renames multiple (4113) files with an added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
