Resubmissions

31/10/2024, 14:48

241031-r6rymsyles 9

31/10/2024, 02:03

241031-cgr5saxcmr 9

General

  • Target: ransomware.exe
  • Size: 28.5MB
  • Sample: 241031-cgr5saxcmr
  • MD5: 1043f4a46c1e9a104751e84a6e6e76f8
  • SHA1: 810f280dd554abc962a55b3531ade973360df8b3
  • SHA256: 529f38f3397fe281d5a0c1030d474902989f7ca79a7ca1bcab1fcafe27bf6ad4
  • SHA512: 766158c5a767f8529e8d18fbb1ccc263703b5e48c51e6be8591970e83cf340f9c9ab4d82964457706643abea1544ab52f76b0dbeaa4af5e05a7a719c86b2949a
  • SSDEEP: 786432:xwgoW8kHhyVmdG+nUU0sc6yL2WEsOd9NZ0YmxEm:27W5hyVQGsOX6yiWUcxE

Targets

    • Target: ransomware.exe

    • Renames multiple (26025) files with added filename extension

      Bulk renaming of this many files with a new extension is consistent with ransomware encrypting the files on the system.

    • Drops file in Drivers directory

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Drops file in System32 directory
