General

  • Target

    8ef616873e49a9c9a9346f48e50cf60af23269b9ba50c4365762cb51e9c57274N

  • Size

    4.9MB

  • Sample

    241106-d6cl3atjhs

  • MD5

    075ff130f0012c00b07e292ba81761d0

  • SHA1

    135f1a3385e4ffe63f66076166a424406d3edf6f

  • SHA256

    8ef616873e49a9c9a9346f48e50cf60af23269b9ba50c4365762cb51e9c57274

  • SHA512

    d11dae85f3ec56073348ee22d3e1ad7038a322254ae277b0476c2624af7cee98d44fcefef434be0a7e1c3d60b4b9fd70044c2f819843395271cca3715f65e898

  • SSDEEP

    49152:9G/xFnOvtaWIDn0a2qnqYQVMkL+q/vSWidGHp+NDGQUzbpDOfjxAkrQKl+RPAFIA:OaklJKvS0Hpe4zbpaAKQkroGIC

Targets

    • Renames multiple (316) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
