General
-
Target
Loader.zip
-
Size
94KB
-
Sample
241029-fg8pbatkcm
-
MD5
80b8e03154e531ae22cdad9da43637c5
-
SHA1
91d49e2bdf53f41502c3879144c1bd8930ae9ff4
-
SHA256
5f227a96e12db3cb3d4f39028e7ee99526e7704301e25bb77fedf478a99f2739
-
SHA512
6e2db772ac752a0c8bfcd4a95f9c15261d668d548c29f351ab67502b54d9b06c7299e9badb3560d018f1e1d886fa7ac85c388c787f5df3ea98858c8a69fbf1cb
-
SSDEEP
1536:GrMMFx7IZJRbbMvODx4aQybep5UR/yxe1Baiws7LToj+DRqGMyhQEtftnMUa7vqT:wbx7IJMvQ4aFbesdyxaXX1DRn5MUabqT
Behavioral task
behavioral1
Sample
Loader 3.0.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Loader 3.0.exe
-
Size
147KB
-
MD5
ff4cd364323fc2048c35783a38070aef
-
SHA1
4736172dd07a3a196343b94dd56b4e4edc0f2bce
-
SHA256
6dd7522accb6773bade16720b53ca577574defae5b1c7caf4b7fc6826dfed7e7
-
SHA512
c72b07b78ccbcfad14fa9f7bc3e8a086c29969b4f7f30dbe57a1a173cd82d61a20bf5ead0bc7b627d5d7f7f0def71710e2ce09590be7a886ad6c9414981eb961
-
SSDEEP
1536:FzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDEtDyI4njdbJBGCkmsQwvB6jr4j:GqJogYkcSNm9V7Dk4F91qYUrnbT
-
Renames multiple (505) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1