General

  • Target

    d6e6051b21cd21718e37cf4667a8c5b201a3f7afe5c920098511711a19825546N

  • Size

    2.2MB

  • Sample

    241105-s2hpvasre1

  • MD5

    1b4cd362a679f6c44502433191aa8820

  • SHA1

    aed0eed9aad40db0ea39e72ae4b30f344a87861f

  • SHA256

    d6e6051b21cd21718e37cf4667a8c5b201a3f7afe5c920098511711a19825546

  • SHA512

    78972ed1a717a0fadac0e8d983b23917e795bcdc399a77e9db3fca13473a442d6e779940010898ebb2299f6b8d8a0dc610531b0ca969bf6e2e36f2f2cc8cae5c

  • SSDEEP

    24576:9ji4pgkE2fh4Co5JG2W14MGwAvcrCVcPM9W4OnkSCIpUlZXUbOpz:9GmgkEaSTJG2W9ecXpUlZX3pz

Targets

    • Target

      d6e6051b21cd21718e37cf4667a8c5b201a3f7afe5c920098511711a19825546N

    • Renames multiple (316) files, appending a filename extension

      Bulk renaming with a common appended extension is consistent with ransomware encrypting the files it can reach on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
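The "renames multiple files with added filename extension" signature above is a behavioural heuristic, not a hash match, so it can be reproduced from file-rename telemetry. The following is an added example, not part of the sandbox report and not the sandbox's own rule: it groups rename events by process, keeps only renames where the new path equals the old path plus an appended extension, and flags a process once enough such renames share one dominant extension. The event shape, the process names and paths, and the thresholds (10 files, 80% dominant extension) are assumptions for illustration; the sample events are constructed, not taken from this sample's run.

```python
"""Mass-rename heuristic: flag a process that appends the same extension
to many files, the pattern the sandbox signature above describes."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RenameEvent:
    # Assumed telemetry shape (e.g. from a file-system minifilter or EDR feed).
    pid: int
    image: str
    old_path: str
    new_path: str


def appended_extension(old_path: str, new_path: str):
    """Return the appended extension if new_path is old_path + '.<ext>', else None.

    Comparison is case-insensitive (Windows paths); the appended part must
    start with '.' and must not contain a path separator, so moving a file
    into a subdirectory never counts as an appended extension.
    """
    if len(new_path) <= len(old_path):
        return None
    if new_path[: len(old_path)].lower() != old_path.lower():
        return None
    tail = new_path[len(old_path):]
    if tail[0] != "." or len(tail) < 2 or "\\" in tail or "/" in tail:
        return None
    return tail


def detect_mass_rename(events, min_files: int = 10, min_dominant_ratio: float = 0.8):
    """Return {(pid, image): (renamed_count, dominant_ext)} for processes that
    appended one extension to at least min_files files, where that extension
    accounts for at least min_dominant_ratio of the process's appended renames."""
    per_process = defaultdict(Counter)
    for ev in events:
        ext = appended_extension(ev.old_path, ev.new_path)
        if ext is not None:
            per_process[(ev.pid, ev.image)][ext.lower()] += 1

    hits = {}
    for key, exts in per_process.items():
        total = sum(exts.values())
        dominant_ext, dominant_n = exts.most_common(1)[0]
        if total >= min_files and dominant_n / total >= min_dominant_ratio:
            hits[key] = (total, dominant_ext)
    return hits


# Constructed sample telemetry (assumed process names and paths, not from the report):
# one process appends ".locked" to a dozen documents, another does ordinary renames.
RANSOM_IMAGE = r"C:\Users\u\AppData\Local\Temp\drop.exe"
EXPLORER_IMAGE = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    RenameEvent(4120, RANSOM_IMAGE,
                rf"C:\Users\u\Documents\file{i}.docx",
                rf"C:\Users\u\Documents\file{i}.docx.locked")
    for i in range(12)
] + [
    RenameEvent(1337, EXPLORER_IMAGE, r"C:\Users\u\Desktop\draft.txt", r"C:\Users\u\Desktop\draft_final.txt"),
    RenameEvent(1337, EXPLORER_IMAGE, r"C:\Users\u\Desktop\img.png", r"C:\Users\u\Desktop\img.png.bak"),
    RenameEvent(1337, EXPLORER_IMAGE, r"C:\Users\u\Desktop\note.md", r"C:\Users\u\Desktop\note.md.old"),
]


if __name__ == "__main__":
    for (pid, image), (count, ext) in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}) appended {ext!r} to {count} files")
```

The threshold and ratio are tuning knobs: backup and archiving tools legitimately append `.bak` or `.old` to a handful of files, which is why a single dominant extension across many files is required rather than any appended rename. Ransomware that replaces the extension instead of appending one is not caught by `appended_extension` and needs a separate rule.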
