General

  • Target

    Archive.zip

  • Size

    55.4MB

  • Sample

    241105-xgbg9ayphk

  • MD5

    d8f53d3cbc03adffce3e607e99d4052a

  • SHA1

    a138d500c25040bd050057021c0c59cba8f67668

  • SHA256

    9084e2889be461a8ab33fd8452ae7903ed79246dadee6dd2dae28fa21470b08f

  • SHA512

    c1613d0efdfef280e7cdae72e0fed663db033860ae40877339fee7acecc8cbd6bf74c8f6e61743fdfe026a72be0a0ffa3b030e5f908ec359eb1fb111c83d3cf9

  • SSDEEP

    1572864:PGfpVcwO9y/mGsstAoJbQyZkuRvIXv2rOFRa6/Ic81:Ip69sssxZQyWuKXv2rp6/IL

Score
9/10

Malware Config

Targets

    • Renames multiple (317) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks