General
Target: Ransom.exe
Size: 5.1MB
Sample: 241031-lj8d8awdlj
MD5: 4e4c334b15ce6a5cb7b7e3ee7bb9fc68
SHA1: 1739d1f6c4ebd7873ddbe6fa2a2d4e3e6ff28c27
SHA256: 7b11657941517c71a0b5b4bef5da851700f80508698071da530fc2245bfcd86c
SHA512: e2183276308ef32b697cbd8dcdb51e72d2cda5f883a614ed043c4fd9f89167a89582734a416a0c34d27cdd25f2f44336f0b3688cc5fb8d425caa567343cf822f
SSDEEP: 98304:HUpFu1oFkKNkqj31PeQx2bJ9Fbn2zSUPAgyxcx4AQ8zJoXWBxWz3BHa7lXfhQ:m4aOnQ4bJbbeAux43JWHWz3BHa79fh
Behavioral task: behavioral1
Sample: Ransom.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: Ransom.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
-
Renames multiple (8203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 1
Credentials In Files: 1