General

  • Target

    Loader.zip

  • Size

    94KB

  • Sample

    241029-fg8pbatkcm

  • MD5

    80b8e03154e531ae22cdad9da43637c5

  • SHA1

    91d49e2bdf53f41502c3879144c1bd8930ae9ff4

  • SHA256

    5f227a96e12db3cb3d4f39028e7ee99526e7704301e25bb77fedf478a99f2739

  • SHA512

    6e2db772ac752a0c8bfcd4a95f9c15261d668d548c29f351ab67502b54d9b06c7299e9badb3560d018f1e1d886fa7ac85c388c787f5df3ea98858c8a69fbf1cb

  • SSDEEP

    1536:GrMMFx7IZJRbbMvODx4aQybep5UR/yxe1Baiws7LToj+DRqGMyhQEtftnMUa7vqT:wbx7IJMvQ4aFbesdyxaXX1DRn5MUabqT

Malware Config

Targets

    • Target

      Loader 3.0.exe

    • Size

      147KB

    • MD5

      ff4cd364323fc2048c35783a38070aef

    • SHA1

      4736172dd07a3a196343b94dd56b4e4edc0f2bce

    • SHA256

      6dd7522accb6773bade16720b53ca577574defae5b1c7caf4b7fc6826dfed7e7

    • SHA512

      c72b07b78ccbcfad14fa9f7bc3e8a086c29969b4f7f30dbe57a1a173cd82d61a20bf5ead0bc7b627d5d7f7f0def71710e2ce09590be7a886ad6c9414981eb961

    • SSDEEP

      1536:FzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDEtDyI4njdbJBGCkmsQwvB6jr4j:GqJogYkcSNm9V7Dk4F91qYUrnbT

    • Renames multiple (505) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks