General

  • Target

    Loader.zip

  • Size

    94KB

  • Sample

    241029-fg8pbatkcm

  • MD5

    80b8e03154e531ae22cdad9da43637c5

  • SHA1

    91d49e2bdf53f41502c3879144c1bd8930ae9ff4

  • SHA256

    5f227a96e12db3cb3d4f39028e7ee99526e7704301e25bb77fedf478a99f2739

  • SHA512

    6e2db772ac752a0c8bfcd4a95f9c15261d668d548c29f351ab67502b54d9b06c7299e9badb3560d018f1e1d886fa7ac85c388c787f5df3ea98858c8a69fbf1cb

  • SSDEEP

    1536:GrMMFx7IZJRbbMvODx4aQybep5UR/yxe1Baiws7LToj+DRqGMyhQEtftnMUa7vqT:wbx7IJMvQ4aFbesdyxaXX1DRn5MUabqT

Malware Config

Targets

    • Target

      Loader 3.0.exe

    • Size

      147KB

    • MD5

      ff4cd364323fc2048c35783a38070aef

    • SHA1

      4736172dd07a3a196343b94dd56b4e4edc0f2bce

    • SHA256

      6dd7522accb6773bade16720b53ca577574defae5b1c7caf4b7fc6826dfed7e7

    • SHA512

      c72b07b78ccbcfad14fa9f7bc3e8a086c29969b4f7f30dbe57a1a173cd82d61a20bf5ead0bc7b627d5d7f7f0def71710e2ce09590be7a886ad6c9414981eb961

    • SSDEEP

      1536:FzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDEtDyI4njdbJBGCkmsQwvB6jr4j:GqJogYkcSNm9V7Dk4F91qYUrnbT

    • Renames multiple (505) files with added filename extension

      This is consistent with ransomware behaviour: encrypting files across the system and appending a new extension to each one.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
