General

  • Target

    Ransom.exe

  • Size

    5.1MB

  • Sample

    241031-k82sasvhqc

  • MD5

    4e4c334b15ce6a5cb7b7e3ee7bb9fc68

  • SHA1

    1739d1f6c4ebd7873ddbe6fa2a2d4e3e6ff28c27

  • SHA256

    7b11657941517c71a0b5b4bef5da851700f80508698071da530fc2245bfcd86c

  • SHA512

    e2183276308ef32b697cbd8dcdb51e72d2cda5f883a614ed043c4fd9f89167a89582734a416a0c34d27cdd25f2f44336f0b3688cc5fb8d425caa567343cf822f

  • SSDEEP

    98304:HUpFu1oFkKNkqj31PeQx2bJ9Fbn2zSUPAgyxcx4AQ8zJoXWBxWz3BHa7lXfhQ:m4aOnQ4bJbbeAux43JWHWz3BHa79fh

Malware Config

Targets

    • Renames multiple (7532) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system and appending a new extension to each one.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks