General

  • Target

    2ffa097f47e236dd15fe979fff539cdc195e625e4509193d193ddb02aa979448N

  • Size

    139KB

  • Sample

    241027-s6g9wazdrq

  • MD5

    e57e030f4ae7108acc49003ab4bc50b0

  • SHA1

    9b48b69a57ececccc654c1236f242893af4e1b77

  • SHA256

    2ffa097f47e236dd15fe979fff539cdc195e625e4509193d193ddb02aa979448

  • SHA512

    c5bee99d010219f411ced861936a7f987d47d0387adb6021b176d55d9a6c0480c8698dd94dbae0e26bd05fe70b865167337995673f3c6beb83c9b284eba9a8e4

  • SSDEEP

    3072:CtES1Oz0hS6+uaDqLUQG/IyshyRYeK/CM+kh5R10SovS8v:puO4aOY/IyshyRYP2iR10Sovx

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (87) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (skipping execution in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application
