General

  • Target

    1148a0ff2fe3378dd9d90ffe86948b011f89ce3b0b3bedadf803346b8f399e80

  • Size

    977KB

  • Sample

    241105-yjv54sxckg

  • MD5

    e7b4a7960fdd81a24b636209de6598b9

  • SHA1

    70c80a318b993e8fdd339accc8dab26ea766c6f3

  • SHA256

    1148a0ff2fe3378dd9d90ffe86948b011f89ce3b0b3bedadf803346b8f399e80

  • SHA512

    b721c4ff7e40c563ba6beecdd8d51c4ab9daeaa81a0f4e8d6851ad7c251e7e120ed7a6095cac8eb3ea1dac133a917d69823b4cdcdfaae0db61557eadad06ff4a

  • SSDEEP

    12288:9j9uzymHejP7y8H+RNUDDvRP77+7qB3DWKtsm45Y:9j9QYT/eR0u7C3D1tT45Y

Targets

    • Renames multiple (317) files with added filename extension

      This is consistent with ransomware activity, i.e. encrypting the files on the system and appending an extension to each.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
