General

  • Target

    526613447e3fab1375062a6cd1a92f9494d712f1384f850ef46f364a6cc1a411

  • Size

    6.6MB

  • Sample

    241105-hdb72syqbq

  • MD5

    c624568e033887437008f25588e3d9ce

  • SHA1

    86a6e0446fbd19a7a9bbd097bcd0de4f8d41f8d9

  • SHA256

    526613447e3fab1375062a6cd1a92f9494d712f1384f850ef46f364a6cc1a411

  • SHA512

    8b195760bed271a00ca615a36d8c50c9feac6328c8061ec3340c716177c61e79fd84c5c1665a2b4cee2fcb537c54501c25173476b9970409ebdfa8be7218006a

  • SSDEEP

    196608:2ESpuhPRSIIlKBX0EOJ7+n22Ze0+4O9D0FT:8uxstlKBX0EQaZS40Ql

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (314) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
