General

  • Target: eaf3aafce594d6e5940b72c49434cf760a1a9b467edbbec8fd3982629d27e0a1N
  • Size: 4.3MB
  • Sample: 241105-1kpe3ayldv
  • MD5: 525e124c1a89c92217a883439668db80
  • SHA1: ca4633591d591afd596956666e31d95a7ff3b41d
  • SHA256: eaf3aafce594d6e5940b72c49434cf760a1a9b467edbbec8fd3982629d27e0a1
  • SHA512: 6b08cc1a6c4df099d99052424ab89615ad0b4b7e8d173d02a1ff08debf3f07510270f720e272f9251c7802239a577025a345dc86cfd2db8a2da6289e926aed19
  • SSDEEP: 49152:9PzNrv5NbfscEmKev3KcYq1r7RISY4+jfC09VbGR0T1c0tkAxT66LV8kq160vA:z/o1c0tkStykq1604

Targets

    • Renames multiple (316) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15