General

  • Target

    5615d756293528cc62561f390a6ddaa71936d17ed035fb959aebaa958e29806cN

  • Size

    2.1MB

  • Sample

    241105-zvf11axqdv

  • MD5

    7c7a55ebf7dbcaf2de5825b5e64ba4a0

  • SHA1

    5495e0ade75fecc657f375fe3fca58cd24bd1965

  • SHA256

    5615d756293528cc62561f390a6ddaa71936d17ed035fb959aebaa958e29806c

  • SHA512

    29791d1c200f21c745a3c08113ffde8c2e57e0f084aaf14eb403b21de22fb3a7963d51bfbcabff610f5fd27fda5b195caa1b571668efa2ffa311330f4f60a4ff

  • SSDEEP

    49152:9mHMJuQ9mhkjgMj7SwYfy3V8VD01yPiI4cCd2ilpXHJT8mpaZQUSNl9X6f4IeY0X:mK9X5Iddq41Lxry

Malware Config

Targets

    • Target

      5615d756293528cc62561f390a6ddaa71936d17ed035fb959aebaa958e29806cN

    • Size

      2.1MB

    • MD5

      7c7a55ebf7dbcaf2de5825b5e64ba4a0

    • SHA1

      5495e0ade75fecc657f375fe3fca58cd24bd1965

    • SHA256

      5615d756293528cc62561f390a6ddaa71936d17ed035fb959aebaa958e29806c

    • SHA512

      29791d1c200f21c745a3c08113ffde8c2e57e0f084aaf14eb403b21de22fb3a7963d51bfbcabff610f5fd27fda5b195caa1b571668efa2ffa311330f4f60a4ff

    • SSDEEP

      49152:9mHMJuQ9mhkjgMj7SwYfy3V8VD01yPiI4cCd2ilpXHJT8mpaZQUSNl9X6f4IeY0X:mK9X5Iddq41Lxry

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks