General

  • Target

    c761ce1aa2524b93bbf834c8acb614300825a9e04f480f0c3238bf01414bbc28N

  • Size

    2.1MB

  • Sample

    241105-rd746avmer

  • MD5

    472892f49a71079ff681d14894bbe240

  • SHA1

    f23c5f31316884602bb42f4f863fae648b3931ad

  • SHA256

    c761ce1aa2524b93bbf834c8acb614300825a9e04f480f0c3238bf01414bbc28

  • SHA512

    accde89c24c78fcb53e860379b05a9ad7971345f659d674e941612ddacd22c4c2d6ebd6eea70ac7a585b5e9be0c75bf3a2975d928e326451c422092fac61c767

  • SSDEEP

    49152:9jHmRehwPofNSNl9X6f4IeY0+h1s410I1xIdcxyNt:tHmRNYK9X5Iddq41Lxry

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files across the system and appending an extension to each renamed file.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15